SlideShare uma empresa Scribd logo

In the Line of Fire - The Morphology of Cyber-Attacks

Transferir como PPTX, PDF
Radware
Radware

Presentation from Dennis Usle during TakeDownCon in Huntsville, AL that discusses Availability-based threats; Attacks on U.S. banks and others popular attack patterns & trends.

TecnologiaNotícias e política
1 de 48
Slide 1 In the Line of Fire – the Morphology of Cyber-Attacks Dennis Usle Security Solutions Architect DennisU@Radware.com
AGENDA Availability-based threats Attacks on the US banks Other popular attack patterns & trends
2001 20102005 Attack Risk Time © 2011, Radware, Ltd. Blaster 2003 CodeRed 2001 Nimda (Installed Trojan) 2001 Slammer (Attacking SQL sites) 2003 Vandalism and Publicity Storm (Botnet) 2007 Agobot (DoS Botnet) Srizbi (Botnet) 2007Rustock (Botnet) 2007 Kracken (Botnet) 2009 2010 IMDDOS (Botnet) Financially Motivated Mar 2011 DDoS Wordpress.com Blending Motives Mar 2011 Codero DDoS / Twitter Google / Twitter Attacks2009 Republican website DoS 2004 Estonia’s Web Sites DoS 2007 Georgia Web sites DoS 2008 July 2009 Cyber Attacks US & Korea Dec 2010 Operation Payback Mar 2011 Netbot DDoS Mar 2011 Operation Payback II “Hacktivism” LulzSec Sony, CIA, FBI Peru, Chile Attacker’s Change in Motivation & Techniques “Worms” DDoS “Blend” 3
The Security Trinity Integrity Availability Confidentiality Security Confidentiality, a mainstream adaptation of the “need to know” principle of the military ethic, restricts the access of information to those systems, processes and recipients from which the content was intended to be exposed. Security Integrity in its broadest meaning refers to the trustworthiness of information over its entire life cycle. Security Availability is a characteristic that distinguishes information objects that have signaling and self-sustaining processes from those that do not, either because such functions have ceased (outage, an attack), or else because they lack such functions .
Availability Based Attacks Slide 5 Availability- based Threats Network Floods (Volumetric) Application Floods Low-and-Slow Single-packet DoS
2012 Attack Motivation - ERT Survey Slide 6Radware Confidential Jan 2012
Radware ERT Survey Slide 7Radware Confidential Jan 2012
2012 Target Trend - ERT Survey Slide 8Radware Confidential Jan 2012
Attacks Campaigns Duration Slide 9Radware Confidential Jan 2012
Attack Duration Requires IT to Develop New Skills War Room Skills Are Required Slide 10Radware Confidential Jan 2012
Main Bottlenecks During DoS Attacks - ERT Survey Slide 11Radware Confidential Jan 2012
Attacks Traverse CDNs (Dynamic Object Attacks) Slide 12Radware Confidential Jan 2012
AGENDA 2012 Availability-based threats Attacks on the US banks Other popular attack patterns & trends
Overview • What triggered the recent US attacks? • Who was involved in implementing the attacks and name of the operation? • How long were the attacks and how many attack vectors were involved? • How the attacks work and their effects. • How can we prepare ourselves in the future? Slide 14Radware Confidential Jan 2012
What triggered the attacks on the US banks? • Nakoula Basseley Nakoula (Alias- “Sam Bacile”), an Egyptian born US resident created an anti-Islamic film. • Early September the publication of the „Innocence of Muslims‟ film on YouTube invokes demonstrations throughout the Muslim world. • The video was 14 minutes though a full length movie was released. Slide 15Radware Confidential Jan 2012
Protests Generated by the Movie Slide 16Radware Confidential Jan 2012
The Cyber Response Slide 17Radware Confidential Jan 2012
Who is the group behind the cyber response? • A hacker group called “Izz as-Din al-Qassam Cyber fighters”. • Izz as-Din al-Qassam was a famous Muslim preacher who was a leader in the fight against the French, US and Zionist in the 1920‟s and 1930‟s. • The group claims not to be affiliated to any government or Anonymous. • This group claims to be independent, and it‟s goal is to defend Islam. Slide 18Radware Confidential Jan 2012
Operation Ababil launched! • “Operation Ababil” is the codename of the operation launched on September 18th 2012, by the group Izz as-Din al-Qassam Cyber fighters • The attackers announced they would attack “American and Zionist targets.” • “Ababil” translates to “Swallow” from Persian. Until today the US thinks the Iranian government may be behind the operation. • The goal of the operation is to have YouTube remove the anti-Islamic film from its site. Until today the video has not been removed. Slide 19Radware Confidential Jan 2012
The Attack Vectors and Tactics! Slide 20
Initial attack campaign in 2 phases • The attack campaign was split into 2 phases, a pubic announcement was made in each phase. • The attacks lasted 10 days, from the 18th until the 28th of September. • Phase 1 - Targets > NYSE, BOA, JP Morgan. • Phase 2 – Targets > Wells Fargo, US Banks, PNC. • Phase 3 - Targets > PNC, Fifth Third Bancorp, J.M.Chase, U.S.Bank, UnionBank, Bank of America, Citibank, BB&T and Capitalone. Slide 21Radware Confidential Jan 2012
Attack Vectors • 5 Attack vectors were seen by the ERT team during Operation Ababil. 1. UDP garbage flood. 2. TCP SYN flood. 3. Mobile LOIC (Apache killer version.) 4. HTTP Request flood. 5. ICMP Reply flood. (*Unconfirmed but reported on.) 6. Booters. *Note: Data is gathered by Radware as well as it‟s partners. Radware Confidential Jan 2012
Booters Slide 23 A Booter is a tool used for taking down/booting off websites and servers. Booters introduce high volumetric (server based) attacks and slow-rate attack vectors as a one stop shop.
UDP Garbage Flood • Targeted the DNS servers of the organizations, also HTTP. • 1Gb + in volume. • All attacks were identical in content and in size (Packet structure). • UDP packets sent to port 53 and 80. • Customers attacked Sep 18th and on the 19th. Slide 24Radware Confidential Jan 2012
Tactics used in the UDP Garbage Flood • Internal DNS servers were targeted , at a high rate. • Web servers were also targeted, at a high rate. • Spoofed IP‟s (But kept to just a few, this is unusual.) • ~ 1Gbps. • Lasted more than 7 hours initially but still continues... Packet structure Slide 25 Parameter Value Port 53 Value Port 80 Packet size 1358 Bytes Unknown Value in Garbage ‘A’ (0x41) characters repeated “/http1” (x2fx68x74x74x70x 31) - repetitive Radware Confidential Jan 2012
DNS Garbage Flood packet extract • Some reports of a DNS reflective attack was underway seem to be incorrect. • The packets are considered “Malformed” DNS packets, no relevant DNS header. Slide 26Radware Confidential Jan 2012
Attackers objective of the UDP Garbage Flood • Saturate bandwidth. • Attack will pass through firewall, since port is open. • Saturate session tables/CPU resources on any state -full device, L4 routing rules any router, FW session tables etc. • Returning ICMP type 3 further saturate upstream bandwidth. • All combined will lead to a DoS situation if bandwidth and infrastructure cannot handle the volume or packet processing. Slide 27Radware Confidential Jan 2012
TCP SYN Flood • Targeted Port 53, 80 and 443. • The rate was around 100Mbps with around 135K PPS. • This lasted for more than 3 days. Slide 28Radware Confidential Jan 2012
SYN Flood Packet extract Slide 29 -All sources are spoofed. -Multiple SYN packets to port 443. Radware Confidential Jan 2012
Attackers objective of the TCP SYN Floods • SYN floods are a well known attack vector. • Can be used to distract from more targeted attacks. • The effect of the SYN flood if it slips through can devastate state-full devices quickly. This is done by filling up the session table. • All state-full device has some performance impact under such a flood. • Easy to implement. • Incorrect network architecture will quickly have issues. Slide 30Radware Confidential Jan 2012
Mobile LOIC (Apache killer version) • Mobile LOIC (Low Orbit Iron Cannon) is a DDoS tool written in HTML and Javascript. • This DDoS Tool does an HTTP GET flood. • The tool is designed to do HTTP floods. • We have no statistics on the exact traffic of mobile LOIC. Slide 31 *Suspected*Suspected Radware Confidential Jan 2012
Mobile LOIC in a web browser Slide 32Radware Confidential Jan 2012
HTTP Request Flood • Between 80K and 100K TPS (Transactions Per second.) • Port 80. • Followed the same patterns in the GET request (Except for the Input parameter.) • Dynamic user agent. Slide 33Radware Confidential Jan 2012
HTTP flood packet structure • Sources worldwide (True sources most likely hidden.) • User agent duplicated. • Dynamic Input parameters. GET Requests parameters Slide 34Radware Confidential Jan 2012
Attackers objective of the HTTP flood • Bypass CDN services by randomizing the input parameter and user agents. • Because of the double user agent there was an flaw in the programming behind the attacking tool. • Saturating and exhausting web server resources by keeping session table and web server connection limits occupied. • The attack takes more resources to implement than non connection orientated attacks like TCP SYN floods and UDP garbage floods. This is because of the need to establish a connection. Slide 35Radware Confidential Jan 2012
Identified locations of attacking IPs Slide 36 Worldwide! Radware Confidential Jan 2012
AGENDA 2012 Availability-based threats Attacks on the us banks Others 2012 popular attack patterns & trends
Availability-based Threats Tree Slide 38 Availability- based Threats Network Floods (Volumetric) Application Floods Low-and-Slow Single-packet DoS UPD Flood ICMP Flood SYN Flood Web Flood DNS SMTP HTTPS Radware Confidential Jan 2012
Asymmetric Attacks Slide 39Radware Confidential Jan 2012
HTTP Reflection Attack Slide Website A Website B (Victim) Attacker HTTP GET Radware Confidential Jan 2012
Slide iframe, width=1, height=1 search.php HTTP Reflection Attack Example Radware Confidential Jan 2012
HTTPS – SSL Re Negotiation Attack Slide 42 THC-SSL DoS THC-SSL DOS was developed by a hacking group called The Hacker‟s Choice (THC), as a proof- of-concept to encourage vendors to patch a serious SSL vulnerability. THC-SSL-DOS, as with other “low and slow” attacks, requires only a small number of packets to cause denial-of-service for a fairly large server. It works by initiating a regular SSL handshake and then immediately requesting for the renegotiation of the encryption key, constantly repeating this server resource-intensive renegotiation request until all server resources have been exhausted. Radware Confidential Jan 2012
Low & Slow Slide 43 Availability- based Threats Network Floods (Volumetric) Application Floods Low-and-Slow Single-packet DoS UPD Flood ICMP Flood SYN Flood Web Flood DNS SMTP HTTPS Low-and-Slow Radware Confidential Jan 2012
Low & Slow • Slowloris • Sockstress • R.U.D.Y. • Simultaneous Connection Saturation Slide 44Radware Confidential Jan 2012
R.U.D.Y (R-U-Dead-Yet) Slide 45 R.U.D.Y. (R-U-Dead-Yet?) R.U.D.Y. (R-U-Dead-Yet?) is a slow-rate HTTP POST (Layer 7) denial-of-service tool created by Raviv Raz and named after the Children of Bodom album “Are You Dead Yet?” It achieves denial-of-service by using long form field submissions. By injecting one byte of information into an application POST field at a time and then waiting, R.U.D.Y. causes application threads to await the end of never-ending posts in order to perform processing (this behavior is necessary in order to allow web servers to support users with slower connections). Since R.U.D.Y. causes the target webserver to hang while waiting for the rest of an HTTP POST request, by initiating simultaneous connections to the server the attacker is ultimately able to exhaust the server‟s connection table and create a denial-of-service condition. Radware Confidential Jan 2012
Slowloris Slide 46 Slowloris Slowloris is a denial-of-service (DoS) tool developed by the grey hat hacker “RSnake” that causes DoS by using a very slow HTTP request. By sending HTTP headers to the target site in tiny chunks as slow as possible (waiting to send the next tiny chunk until just before the server would time out the request), the server is forced to continue to wait for the headers to arrive. If enough connections are opened to the server in this fashion, it is quickly unable to handle legitimate requests. Slowloris is cross-platform, except due to Windows’ ~130 simultaneous socket use limit, it is only effective from UNIX-based systems which allow for more connections to be opened in parallel to a target server (although a GUI Python version of Slowloris dubbed PyLoris was able to overcome this limiting factor on Windows). Radware Confidential Jan 2012
Radware Security Products Portfolio Slide 47 AppWall Web Application Firewall (WAF) DefensePro Network & Server attack prevention device APSolute Vision Management and security reporting & compliance
Thank You www.radware.com Radware Confidential Jan 2012

Recomendados

In the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksIn the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksRadware
 
Briefing on Recent US Bank Attacks and 2012 Attack Trends
Briefing on Recent US Bank Attacks and 2012 Attack TrendsBriefing on Recent US Bank Attacks and 2012 Attack Trends
Briefing on Recent US Bank Attacks and 2012 Attack TrendsRadware
 
Survival in an Evolving Threat Landscape
Survival in an Evolving Threat LandscapeSurvival in an Evolving Threat Landscape
Survival in an Evolving Threat LandscapeRadware
 
SecureWorld St. Louis: Survival in an Evolving Threat Landscape
SecureWorld St. Louis: Survival in an Evolving Threat LandscapeSecureWorld St. Louis: Survival in an Evolving Threat Landscape
SecureWorld St. Louis: Survival in an Evolving Threat LandscapeRadware
 
In the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksIn the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksRadware
 
About cyber war
About cyber warAbout cyber war
About cyber wareugenvaleriu
 
Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?ThreatConnect
 
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreThe Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreRadware
 

Recomendados

In the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksIn the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksRadware
 
Briefing on Recent US Bank Attacks and 2012 Attack Trends
Briefing on Recent US Bank Attacks and 2012 Attack TrendsBriefing on Recent US Bank Attacks and 2012 Attack Trends
Briefing on Recent US Bank Attacks and 2012 Attack TrendsRadware
 
Survival in an Evolving Threat Landscape
Survival in an Evolving Threat LandscapeSurvival in an Evolving Threat Landscape
Survival in an Evolving Threat LandscapeRadware
 
SecureWorld St. Louis: Survival in an Evolving Threat Landscape
SecureWorld St. Louis: Survival in an Evolving Threat LandscapeSecureWorld St. Louis: Survival in an Evolving Threat Landscape
SecureWorld St. Louis: Survival in an Evolving Threat LandscapeRadware
 
In the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksIn the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksRadware
 
About cyber war
About cyber warAbout cyber war
About cyber wareugenvaleriu
 
Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?ThreatConnect
 
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreThe Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreRadware
 
Cyber war or business as usual
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usualEnclaveSecurity
 
Exploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsExploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsJay McLaughlin
 
murali_radhika_assignment#6_CS684.doc
murali_radhika_assignment#6_CS684.docmurali_radhika_assignment#6_CS684.doc
murali_radhika_assignment#6_CS684.docRadhika Murali
 
Robin Hoods And Criminals
Robin Hoods And CriminalsRobin Hoods And Criminals
Robin Hoods And CriminalsZiv Ichilov
 
Anonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentAnonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentPositive Hack Days
 
CS101- Introduction to Computing- Lecture 39
CS101- Introduction to Computing- Lecture 39CS101- Introduction to Computing- Lecture 39
CS101- Introduction to Computing- Lecture 39Bilal Ahmed
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemJennifer Nichols
 
Pertemuan 13-keamanan jaringan komputer
Pertemuan 13-keamanan jaringan komputerPertemuan 13-keamanan jaringan komputer
Pertemuan 13-keamanan jaringan komputerBahar Sobari
 
OTI Cyber warefare
OTI Cyber warefareOTI Cyber warefare
OTI Cyber warefareGautham Reddy
 
Robert lewis 4.4_ppp_slideshow_final
Robert lewis 4.4_ppp_slideshow_finalRobert lewis 4.4_ppp_slideshow_final
Robert lewis 4.4_ppp_slideshow_finalJim Lewis
 
Computer crime hacking
Computer crime hackingComputer crime hacking
Computer crime hackingtangytangling
 
PPG_Bio_Recog
PPG_Bio_RecogPPG_Bio_Recog
PPG_Bio_RecogBidhan Barai
 
Hacking Point of Sale
Hacking Point of SaleHacking Point of Sale
Hacking Point of SaleTripwire
 
The power of Structured Journalism & Hacker Culture in NPR
The power of Structured Journalism & Hacker Culture in NPRThe power of Structured Journalism & Hacker Culture in NPR
The power of Structured Journalism & Hacker Culture in NPRPoderomedia
 
Raspberry Pi
Raspberry PiRaspberry Pi
Raspberry PiAnirudh Chauhan
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsSarah Cirelli
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Using Cloud in an Enterprise Environment
Using Cloud in an Enterprise EnvironmentUsing Cloud in an Enterprise Environment
Using Cloud in an Enterprise EnvironmentMike Crabb
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 

Mais conteúdo relacionado

Mais procurados

Cyber war or business as usual
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usualEnclaveSecurity
 
Exploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsExploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsJay McLaughlin
 
murali_radhika_assignment#6_CS684.doc
murali_radhika_assignment#6_CS684.docmurali_radhika_assignment#6_CS684.doc
murali_radhika_assignment#6_CS684.docRadhika Murali
 
Robin Hoods And Criminals
Robin Hoods And CriminalsRobin Hoods And Criminals
Robin Hoods And CriminalsZiv Ichilov
 
Anonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentAnonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentPositive Hack Days
 
CS101- Introduction to Computing- Lecture 39
CS101- Introduction to Computing- Lecture 39CS101- Introduction to Computing- Lecture 39
CS101- Introduction to Computing- Lecture 39Bilal Ahmed
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemJennifer Nichols
 

Mais procurados (8)

Cyber war or business as usual
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usual
 
Exploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsExploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial Institutions
 
murali_radhika_assignment#6_CS684.doc
murali_radhika_assignment#6_CS684.docmurali_radhika_assignment#6_CS684.doc
murali_radhika_assignment#6_CS684.doc
 
Robin Hoods And Criminals
Robin Hoods And CriminalsRobin Hoods And Criminals
Robin Hoods And Criminals
 
Anonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentAnonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian Government
 
CS101- Introduction to Computing- Lecture 39
CS101- Introduction to Computing- Lecture 39CS101- Introduction to Computing- Lecture 39
CS101- Introduction to Computing- Lecture 39
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
 

Destaque

Pertemuan 13-keamanan jaringan komputer
Pertemuan 13-keamanan jaringan komputerPertemuan 13-keamanan jaringan komputer
Pertemuan 13-keamanan jaringan komputerBahar Sobari
 
Robert lewis 4.4_ppp_slideshow_final
Robert lewis 4.4_ppp_slideshow_finalRobert lewis 4.4_ppp_slideshow_final
Robert lewis 4.4_ppp_slideshow_finalJim Lewis
 
Computer crime hacking
Computer crime hackingComputer crime hacking
Computer crime hackingtangytangling
 
Hacking Point of Sale
Hacking Point of SaleHacking Point of Sale
Hacking Point of SaleTripwire
 
The power of Structured Journalism & Hacker Culture in NPR
The power of Structured Journalism & Hacker Culture in NPRThe power of Structured Journalism & Hacker Culture in NPR
The power of Structured Journalism & Hacker Culture in NPRPoderomedia
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsSarah Cirelli
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Using Cloud in an Enterprise Environment
Using Cloud in an Enterprise EnvironmentUsing Cloud in an Enterprise Environment
Using Cloud in an Enterprise EnvironmentMike Crabb
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 
Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentationmerlyna
 
Hacking the Web
Hacking the WebHacking the Web
Hacking the WebMike Crabb
 
Cyber Wars And Cyber Terrorism
Cyber Wars And Cyber TerrorismCyber Wars And Cyber Terrorism
Cyber Wars And Cyber TerrorismGanesh DNP
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 

Destaque (20)

Pertemuan 13-keamanan jaringan komputer
Pertemuan 13-keamanan jaringan komputerPertemuan 13-keamanan jaringan komputer
Pertemuan 13-keamanan jaringan komputer
 
OTI Cyber warefare
OTI Cyber warefareOTI Cyber warefare
OTI Cyber warefare
 
Robert lewis 4.4_ppp_slideshow_final
Robert lewis 4.4_ppp_slideshow_finalRobert lewis 4.4_ppp_slideshow_final
Robert lewis 4.4_ppp_slideshow_final
 
Computer crime hacking
Computer crime hackingComputer crime hacking
Computer crime hacking
 
PPG_Bio_Recog
PPG_Bio_RecogPPG_Bio_Recog
PPG_Bio_Recog
 
Hacking Point of Sale
Hacking Point of SaleHacking Point of Sale
Hacking Point of Sale
 
The power of Structured Journalism & Hacker Culture in NPR
The power of Structured Journalism & Hacker Culture in NPRThe power of Structured Journalism & Hacker Culture in NPR
The power of Structured Journalism & Hacker Culture in NPR
 
Raspberry Pi
Raspberry PiRaspberry Pi
Raspberry Pi
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial Institutions
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Using Cloud in an Enterprise Environment
Using Cloud in an Enterprise EnvironmentUsing Cloud in an Enterprise Environment
Using Cloud in an Enterprise Environment
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentation
 
Hacking the Web
Hacking the WebHacking the Web
Hacking the Web
 
Fire kills 1
Fire kills 1Fire kills 1
Fire kills 1
 
Cyber Wars And Cyber Terrorism
Cyber Wars And Cyber TerrorismCyber Wars And Cyber Terrorism
Cyber Wars And Cyber Terrorism
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 

Semelhante a In the Line of Fire - The Morphology of Cyber-Attacks

Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiProfessor Lili Saghafi
 
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsPhilippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsAPNIC
 
The Art of Cyber War [From Black Hat Brazil 2014]
The Art of Cyber War [From Black Hat Brazil 2014]The Art of Cyber War [From Black Hat Brazil 2014]
The Art of Cyber War [From Black Hat Brazil 2014]Radware
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSKenny Huang Ph.D.
 
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?Codero
 
Why the Edge Isn't an Edge Case.pdf
Why the Edge Isn't an Edge Case.pdfWhy the Edge Isn't an Edge Case.pdf
Why the Edge Isn't an Edge Case.pdfWP Engine
 
DNS Security Presentation ISSA
DNS Security Presentation ISSADNS Security Presentation ISSA
DNS Security Presentation ISSASrikrupa Srivatsan
 
Nominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security ReportNominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security ReportYuriy Yuzifovich
 
Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Brian Metzger
 
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...Outpost24
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDebra Baker, CISSP CSSP
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016Qrator Labs
 
Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Wallarm
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...TI Safe
 
Securing your web infrastructure
Securing your web infrastructureSecuring your web infrastructure
Securing your web infrastructureWP Engine
 
Network Security - Luxury or Must Have?
Network Security - Luxury or Must Have? Network Security - Luxury or Must Have?
Network Security - Luxury or Must Have? Allot Communications
 

Semelhante a In the Line of Fire - The Morphology of Cyber-Attacks (20)

Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
 
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsPhilippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTs
 
The Art of Cyber War [From Black Hat Brazil 2014]
The Art of Cyber War [From Black Hat Brazil 2014]The Art of Cyber War [From Black Hat Brazil 2014]
The Art of Cyber War [From Black Hat Brazil 2014]
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoS
 
Cyber Attack Analysis
Cyber Attack AnalysisCyber Attack Analysis
Cyber Attack Analysis
 
Cyber Threats
Cyber ThreatsCyber Threats
Cyber Threats
 
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
 
Why the Edge Isn't an Edge Case.pdf
Why the Edge Isn't an Edge Case.pdfWhy the Edge Isn't an Edge Case.pdf
Why the Edge Isn't an Edge Case.pdf
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
 
DNS Security Presentation ISSA
DNS Security Presentation ISSADNS Security Presentation ISSA
DNS Security Presentation ISSA
 
603535ransomware
603535ransomware603535ransomware
603535ransomware
 
Nominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security ReportNominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security Report
 
Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016
 
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016
 
Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
 
Securing your web infrastructure
Securing your web infrastructureSecuring your web infrastructure
Securing your web infrastructure
 
Network Security - Luxury or Must Have?
Network Security - Luxury or Must Have? Network Security - Luxury or Must Have?
Network Security - Luxury or Must Have?
 

Mais de Radware

Cyber Security Through the Eyes of the C-Suite (Infographic)
Cyber Security Through the Eyes of the C-Suite (Infographic)Cyber Security Through the Eyes of the C-Suite (Infographic)
Cyber Security Through the Eyes of the C-Suite (Infographic)Radware
 
What’s the Cost of a Cyber Attack (Infographic)
What’s the Cost of a Cyber Attack (Infographic)What’s the Cost of a Cyber Attack (Infographic)
What’s the Cost of a Cyber Attack (Infographic)Radware
 
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16Radware
 
Radware Cloud Security Services
Radware Cloud Security ServicesRadware Cloud Security Services
Radware Cloud Security ServicesRadware
 
Radware 2016 State of the Union: Multi Industry Web Performance (Desktop)
Radware 2016 State of the Union: Multi Industry Web Performance (Desktop)Radware 2016 State of the Union: Multi Industry Web Performance (Desktop)
Radware 2016 State of the Union: Multi Industry Web Performance (Desktop)Radware
 
Radware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF ServiceRadware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF ServiceRadware
 
The Expanding Role and Importance of Application Delivery Controllers [Resear...
The Expanding Role and Importance of Application Delivery Controllers [Resear...The Expanding Role and Importance of Application Delivery Controllers [Resear...
The Expanding Role and Importance of Application Delivery Controllers [Resear...Radware
 
The Real Cost of Slow Time vs Downtime
The Real Cost of Slow Time vs DowntimeThe Real Cost of Slow Time vs Downtime
The Real Cost of Slow Time vs DowntimeRadware
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 
Radware ERT Threat Alert: Shellshock Bash
Radware ERT Threat Alert: Shellshock BashRadware ERT Threat Alert: Shellshock Bash
Radware ERT Threat Alert: Shellshock BashRadware
 
Mobile Web Stress: Understanding the Neurological Impact of Poor Performance
Mobile Web Stress: Understanding the Neurological Impact of Poor PerformanceMobile Web Stress: Understanding the Neurological Impact of Poor Performance
Mobile Web Stress: Understanding the Neurological Impact of Poor PerformanceRadware
 
Emotional Engagement and Brand Perception
Emotional Engagement and Brand PerceptionEmotional Engagement and Brand Perception
Emotional Engagement and Brand PerceptionRadware
 
InfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber WarInfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber WarRadware
 
OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...
OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...
OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...Radware
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware
 
In the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksIn the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksRadware
 
SecureWorld: Information Security Adaption: Survival In An Evolving Threat L...
SecureWorld: Information Security Adaption: Survival In An Evolving Threat L...SecureWorld: Information Security Adaption: Survival In An Evolving Threat L...
SecureWorld: Information Security Adaption: Survival In An Evolving Threat L...Radware
 
Providing best response times, tightest security and highest availability for...
Providing best response times, tightest security and highest availability for...Providing best response times, tightest security and highest availability for...
Providing best response times, tightest security and highest availability for...Radware
 
Stock Exchanges in the Line of Fire-Morphology of Cyber Attacks
Stock Exchanges in the Line of Fire-Morphology of Cyber AttacksStock Exchanges in the Line of Fire-Morphology of Cyber Attacks
Stock Exchanges in the Line of Fire-Morphology of Cyber AttacksRadware
 
Attackers Vs. Defenders: Restoring the Equilibrium
Attackers Vs. Defenders: Restoring the EquilibriumAttackers Vs. Defenders: Restoring the Equilibrium
Attackers Vs. Defenders: Restoring the EquilibriumRadware
 

Mais de Radware (20)

Cyber Security Through the Eyes of the C-Suite (Infographic)
Cyber Security Through the Eyes of the C-Suite (Infographic)Cyber Security Through the Eyes of the C-Suite (Infographic)
Cyber Security Through the Eyes of the C-Suite (Infographic)
 
What’s the Cost of a Cyber Attack (Infographic)
What’s the Cost of a Cyber Attack (Infographic)What’s the Cost of a Cyber Attack (Infographic)
What’s the Cost of a Cyber Attack (Infographic)
 
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
 
Radware Cloud Security Services
Radware Cloud Security ServicesRadware Cloud Security Services
Radware Cloud Security Services
 
Radware 2016 State of the Union: Multi Industry Web Performance (Desktop)
Radware 2016 State of the Union: Multi Industry Web Performance (Desktop)Radware 2016 State of the Union: Multi Industry Web Performance (Desktop)
Radware 2016 State of the Union: Multi Industry Web Performance (Desktop)
 
Radware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF ServiceRadware Hybrid Cloud WAF Service
Radware Hybrid Cloud WAF Service
 
The Expanding Role and Importance of Application Delivery Controllers [Resear...
The Expanding Role and Importance of Application Delivery Controllers [Resear...The Expanding Role and Importance of Application Delivery Controllers [Resear...
The Expanding Role and Importance of Application Delivery Controllers [Resear...
 
The Real Cost of Slow Time vs Downtime
The Real Cost of Slow Time vs DowntimeThe Real Cost of Slow Time vs Downtime
The Real Cost of Slow Time vs Downtime
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?
 
Radware ERT Threat Alert: Shellshock Bash
Radware ERT Threat Alert: Shellshock BashRadware ERT Threat Alert: Shellshock Bash
Radware ERT Threat Alert: Shellshock Bash
 
Mobile Web Stress: Understanding the Neurological Impact of Poor Performance
Mobile Web Stress: Understanding the Neurological Impact of Poor PerformanceMobile Web Stress: Understanding the Neurological Impact of Poor Performance
Mobile Web Stress: Understanding the Neurological Impact of Poor Performance
 
Emotional Engagement and Brand Perception
Emotional Engagement and Brand PerceptionEmotional Engagement and Brand Perception
Emotional Engagement and Brand Perception
 
InfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber WarInfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber War
 
OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...
OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...
OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
 
In the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksIn the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber Attacks
 
SecureWorld: Information Security Adaption: Survival In An Evolving Threat L...
SecureWorld: Information Security Adaption: Survival In An Evolving Threat L...SecureWorld: Information Security Adaption: Survival In An Evolving Threat L...
SecureWorld: Information Security Adaption: Survival In An Evolving Threat L...
 
Providing best response times, tightest security and highest availability for...
Providing best response times, tightest security and highest availability for...Providing best response times, tightest security and highest availability for...
Providing best response times, tightest security and highest availability for...
 
Stock Exchanges in the Line of Fire-Morphology of Cyber Attacks
Stock Exchanges in the Line of Fire-Morphology of Cyber AttacksStock Exchanges in the Line of Fire-Morphology of Cyber Attacks
Stock Exchanges in the Line of Fire-Morphology of Cyber Attacks
 
Attackers Vs. Defenders: Restoring the Equilibrium
Attackers Vs. Defenders: Restoring the EquilibriumAttackers Vs. Defenders: Restoring the Equilibrium
Attackers Vs. Defenders: Restoring the Equilibrium
 

Último

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 

Último (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 

In the Line of Fire - The Morphology of Cyber-Attacks

  • 1. Slide 1 In the Line of Fire – the Morphology of Cyber-Attacks Dennis Usle Security Solutions Architect DennisU@Radware.com
  • 2. AGENDA Availability-based threats Attacks on the US banks Other popular attack patterns & trends
  • 3. 2001 20102005 Attack Risk Time © 2011, Radware, Ltd. Blaster 2003 CodeRed 2001 Nimda (Installed Trojan) 2001 Slammer (Attacking SQL sites) 2003 Vandalism and Publicity Storm (Botnet) 2007 Agobot (DoS Botnet) Srizbi (Botnet) 2007Rustock (Botnet) 2007 Kracken (Botnet) 2009 2010 IMDDOS (Botnet) Financially Motivated Mar 2011 DDoS Wordpress.com Blending Motives Mar 2011 Codero DDoS / Twitter Google / Twitter Attacks2009 Republican website DoS 2004 Estonia’s Web Sites DoS 2007 Georgia Web sites DoS 2008 July 2009 Cyber Attacks US & Korea Dec 2010 Operation Payback Mar 2011 Netbot DDoS Mar 2011 Operation Payback II “Hacktivism” LulzSec Sony, CIA, FBI Peru, Chile Attacker’s Change in Motivation & Techniques “Worms” DDoS “Blend” 3
  • 4. The Security Trinity Integrity Availability Confidentiality Security Confidentiality, a mainstream adaptation of the “need to know” principle of the military ethic, restricts the access of information to those systems, processes and recipients from which the content was intended to be exposed. Security Integrity in its broadest meaning refers to the trustworthiness of information over its entire life cycle. Security Availability is a characteristic that distinguishes information objects that have signaling and self-sustaining processes from those that do not, either because such functions have ceased (outage, an attack), or else because they lack such functions .
  • 5. Availability Based Attacks Slide 5 Availability- based Threats Network Floods (Volumetric) Application Floods Low-and-Slow Single-packet DoS
  • 6. 2012 Attack Motivation - ERT Survey Slide 6Radware Confidential Jan 2012
  • 7. Radware ERT Survey Slide 7Radware Confidential Jan 2012
  • 8. 2012 Target Trend - ERT Survey Slide 8Radware Confidential Jan 2012
  • 9. Attacks Campaigns Duration Slide 9Radware Confidential Jan 2012
  • 10. Attack Duration Requires IT to Develop New Skills War Room Skills Are Required Slide 10Radware Confidential Jan 2012
  • 11. Main Bottlenecks During DoS Attacks - ERT Survey Slide 11Radware Confidential Jan 2012
  • 12. Attacks Traverse CDNs (Dynamic Object Attacks) Slide 12Radware Confidential Jan 2012
  • 13. AGENDA 2012 Availability-based threats Attacks on the US banks Other popular attack patterns & trends
  • 14. Overview • What triggered the recent US attacks? • Who was involved in implementing the attacks and name of the operation? • How long were the attacks and how many attack vectors were involved? • How the attacks work and their effects. • How can we prepare ourselves in the future? Slide 14Radware Confidential Jan 2012
  • 15. What triggered the attacks on the US banks? • Nakoula Basseley Nakoula (Alias- “Sam Bacile”), an Egyptian born US resident created an anti-Islamic film. • Early September the publication of the „Innocence of Muslims‟ film on YouTube invokes demonstrations throughout the Muslim world. • The video was 14 minutes though a full length movie was released. Slide 15Radware Confidential Jan 2012
  • 16. Protests Generated by the Movie Slide 16Radware Confidential Jan 2012
  • 17. The Cyber Response Slide 17Radware Confidential Jan 2012
  • 18. Who is the group behind the cyber response? • A hacker group called “Izz as-Din al-Qassam Cyber fighters”. • Izz as-Din al-Qassam was a famous Muslim preacher who was a leader in the fight against the French, US and Zionist in the 1920‟s and 1930‟s. • The group claims not to be affiliated to any government or Anonymous. • This group claims to be independent, and it‟s goal is to defend Islam. Slide 18Radware Confidential Jan 2012
  • 19. Operation Ababil launched! • “Operation Ababil” is the codename of the operation launched on September 18th 2012, by the group Izz as-Din al-Qassam Cyber fighters • The attackers announced they would attack “American and Zionist targets.” • “Ababil” translates to “Swallow” from Persian. Until today the US thinks the Iranian government may be behind the operation. • The goal of the operation is to have YouTube remove the anti-Islamic film from its site. Until today the video has not been removed. Slide 19Radware Confidential Jan 2012
  • 20. The Attack Vectors and Tactics! Slide 20
  • 21. Initial attack campaign in 2 phases • The attack campaign was split into 2 phases, a pubic announcement was made in each phase. • The attacks lasted 10 days, from the 18th until the 28th of September. • Phase 1 - Targets > NYSE, BOA, JP Morgan. • Phase 2 – Targets > Wells Fargo, US Banks, PNC. • Phase 3 - Targets > PNC, Fifth Third Bancorp, J.M.Chase, U.S.Bank, UnionBank, Bank of America, Citibank, BB&T and Capitalone. Slide 21Radware Confidential Jan 2012
  • 22. Attack Vectors • 5 Attack vectors were seen by the ERT team during Operation Ababil. 1. UDP garbage flood. 2. TCP SYN flood. 3. Mobile LOIC (Apache killer version.) 4. HTTP Request flood. 5. ICMP Reply flood. (*Unconfirmed but reported on.) 6. Booters. *Note: Data is gathered by Radware as well as it‟s partners. Radware Confidential Jan 2012
  • 23. Booters Slide 23 A Booter is a tool used for taking down/booting off websites and servers. Booters introduce high volumetric (server based) attacks and slow-rate attack vectors as a one stop shop.
  • 24. UDP Garbage Flood • Targeted the DNS servers of the organizations, also HTTP. • 1Gb + in volume. • All attacks were identical in content and in size (Packet structure). • UDP packets sent to port 53 and 80. • Customers attacked Sep 18th and on the 19th. Slide 24Radware Confidential Jan 2012
  • 25. Tactics used in the UDP Garbage Flood • Internal DNS servers were targeted , at a high rate. • Web servers were also targeted, at a high rate. • Spoofed IP‟s (But kept to just a few, this is unusual.) • ~ 1Gbps. • Lasted more than 7 hours initially but still continues... Packet structure Slide 25 Parameter Value Port 53 Value Port 80 Packet size 1358 Bytes Unknown Value in Garbage ‘A’ (0x41) characters repeated “/http1” (x2fx68x74x74x70x 31) - repetitive Radware Confidential Jan 2012
  • 26. DNS Garbage Flood packet extract • Some reports of a DNS reflective attack was underway seem to be incorrect. • The packets are considered “Malformed” DNS packets, no relevant DNS header. Slide 26Radware Confidential Jan 2012
  • 27. Attackers objective of the UDP Garbage Flood • Saturate bandwidth. • Attack will pass through firewall, since port is open. • Saturate session tables/CPU resources on any state -full device, L4 routing rules any router, FW session tables etc. • Returning ICMP type 3 further saturate upstream bandwidth. • All combined will lead to a DoS situation if bandwidth and infrastructure cannot handle the volume or packet processing. Slide 27Radware Confidential Jan 2012
  • 28. TCP SYN Flood • Targeted Port 53, 80 and 443. • The rate was around 100Mbps with around 135K PPS. • This lasted for more than 3 days. Slide 28Radware Confidential Jan 2012
  • 29. SYN Flood Packet extract Slide 29 -All sources are spoofed. -Multiple SYN packets to port 443. Radware Confidential Jan 2012
  • 30. Attackers objective of the TCP SYN Floods • SYN floods are a well known attack vector. • Can be used to distract from more targeted attacks. • The effect of the SYN flood if it slips through can devastate state-full devices quickly. This is done by filling up the session table. • All state-full device has some performance impact under such a flood. • Easy to implement. • Incorrect network architecture will quickly have issues. Slide 30Radware Confidential Jan 2012
  • 31. Mobile LOIC (Apache killer version) • Mobile LOIC (Low Orbit Iron Cannon) is a DDoS tool written in HTML and Javascript. • This DDoS Tool does an HTTP GET flood. • The tool is designed to do HTTP floods. • We have no statistics on the exact traffic of mobile LOIC. Slide 31 *Suspected*Suspected Radware Confidential Jan 2012
  • 32. Mobile LOIC in a web browser Slide 32Radware Confidential Jan 2012
  • 33. HTTP Request Flood • Between 80K and 100K TPS (Transactions Per second.) • Port 80. • Followed the same patterns in the GET request (Except for the Input parameter.) • Dynamic user agent. Slide 33Radware Confidential Jan 2012
  • 34. HTTP flood packet structure • Sources worldwide (True sources most likely hidden.) • User agent duplicated. • Dynamic Input parameters. GET Requests parameters Slide 34Radware Confidential Jan 2012
  • 35. Attackers objective of the HTTP flood • Bypass CDN services by randomizing the input parameter and user agents. • Because of the double user agent there was an flaw in the programming behind the attacking tool. • Saturating and exhausting web server resources by keeping session table and web server connection limits occupied. • The attack takes more resources to implement than non connection orientated attacks like TCP SYN floods and UDP garbage floods. This is because of the need to establish a connection. Slide 35Radware Confidential Jan 2012
  • 36. Identified locations of attacking IPs Slide 36 Worldwide! Radware Confidential Jan 2012
  • 37. AGENDA 2012 Availability-based threats Attacks on the us banks Others 2012 popular attack patterns & trends
  • 38. Availability-based Threats Tree Slide 38 Availability- based Threats Network Floods (Volumetric) Application Floods Low-and-Slow Single-packet DoS UPD Flood ICMP Flood SYN Flood Web Flood DNS SMTP HTTPS Radware Confidential Jan 2012
  • 39. Asymmetric Attacks Slide 39Radware Confidential Jan 2012
  • 40. HTTP Reflection Attack Slide Website A Website B (Victim) Attacker HTTP GET Radware Confidential Jan 2012
  • 41. Slide iframe, width=1, height=1 search.php HTTP Reflection Attack Example Radware Confidential Jan 2012
  • 42. HTTPS – SSL Re Negotiation Attack Slide 42 THC-SSL DoS THC-SSL DOS was developed by a hacking group called The Hacker‟s Choice (THC), as a proof- of-concept to encourage vendors to patch a serious SSL vulnerability. THC-SSL-DOS, as with other “low and slow” attacks, requires only a small number of packets to cause denial-of-service for a fairly large server. It works by initiating a regular SSL handshake and then immediately requesting for the renegotiation of the encryption key, constantly repeating this server resource-intensive renegotiation request until all server resources have been exhausted. Radware Confidential Jan 2012
  • 43. Low & Slow Slide 43 Availability- based Threats Network Floods (Volumetric) Application Floods Low-and-Slow Single-packet DoS UPD Flood ICMP Flood SYN Flood Web Flood DNS SMTP HTTPS Low-and-Slow Radware Confidential Jan 2012
  • 44. Low & Slow • Slowloris • Sockstress • R.U.D.Y. • Simultaneous Connection Saturation Slide 44Radware Confidential Jan 2012
  • 45. R.U.D.Y (R-U-Dead-Yet) Slide 45 R.U.D.Y. (R-U-Dead-Yet?) R.U.D.Y. (R-U-Dead-Yet?) is a slow-rate HTTP POST (Layer 7) denial-of-service tool created by Raviv Raz and named after the Children of Bodom album “Are You Dead Yet?” It achieves denial-of-service by using long form field submissions. By injecting one byte of information into an application POST field at a time and then waiting, R.U.D.Y. causes application threads to await the end of never-ending posts in order to perform processing (this behavior is necessary in order to allow web servers to support users with slower connections). Since R.U.D.Y. causes the target webserver to hang while waiting for the rest of an HTTP POST request, by initiating simultaneous connections to the server the attacker is ultimately able to exhaust the server‟s connection table and create a denial-of-service condition. Radware Confidential Jan 2012
  • 46. Slowloris Slide 46 Slowloris Slowloris is a denial-of-service (DoS) tool developed by the grey hat hacker “RSnake” that causes DoS by using a very slow HTTP request. By sending HTTP headers to the target site in tiny chunks as slow as possible (waiting to send the next tiny chunk until just before the server would time out the request), the server is forced to continue to wait for the headers to arrive. If enough connections are opened to the server in this fashion, it is quickly unable to handle legitimate requests. Slowloris is cross-platform, except due to Windows’ ~130 simultaneous socket use limit, it is only effective from UNIX-based systems which allow for more connections to be opened in parallel to a target server (although a GUI Python version of Slowloris dubbed PyLoris was able to overcome this limiting factor on Windows). Radware Confidential Jan 2012
  • 47. Radware Security Products Portfolio Slide 47 AppWall Web Application Firewall (WAF) DefensePro Network & Server attack prevention device APSolute Vision Management and security reporting & compliance

Notas do Editor

  1. Radware breaks down the security model into three categories: Confidentiality, Integrity and Availability.Think of it as follows:Confidentiality: A compromise here results in the theft or destruction of business-critical information or customer dataIntegrity: Often linked to confidentiality but damage to a businesses systems obviously can have a major impact. An extreme example that you might have heard of would be the Stuxnet virus that was designed to damage the centrifuge machines used in Iran to purify nuclear material.Availability: The ability for your business to operate. Denial of Service attacks target this dimension – designed purely to disrutp business operation.
  2. Here we have the 4 Primary Categories of Availability Based Threats, Network & Application Floods, Low & Slow and Single Packet DOS. The pie charts below illustrate actual use of these attack vectors based on ERT Case history. Over the past few years Application layer attacks have become a significant threat, with Web/SSL and DNS being the fast growing vectors.
  3. Based on the Radware Global Security Survey of the industry 57% of attacks have unknown motive. 22% of attacks have an ideological/hacktivist motive.
  4. 80% of respondents believe they are not protected and businesses will be impacted by DDOS attacks.
  5. While Gaming, Ecommerce maintain risk. Government,Financial Institutions take the biggest shift toward bullseye! These are VERY Likely targets for 2013.
  6. Attack Campaigns are becoming more and more persistent, with 23% of attacks lasting more than one week!
  7. Shift from 2 Security Phases to 3Pre Attack – audit, vuln scanning, pen tests, etc.Post Attack - forensics, process adjustments, preparation, etc.NEW Phase Cyber War Room24/7Trained under fire (war games, etc)Coverage
  8. SIZE
  9. We are going to take a look at the attacks on the US Banks. We’ll review the attack source, motivation, duration, attack vectors and preparation.
  10. -This pic is from the very beginning of the video, stating “There is an angry mob in the middle of the street”*Notes -  On September 9, 2012, an excerpt of the YouTube video was broadcast on Al-Nas TV, an Egyptian Islamist television station.[11][12]Demonstrations and violent protests against the film broke out on September 11 in Egypt and spread to other Arab and Muslim nations and some western countries.
  11. -Libyan riots top left - http://www.foreignpolicy.com/articles/2012/09/14/why_the_embassy_riots_wont_stop.-Lebonon riots bottom left - http://au.ibtimes.com/articles_slideshows/384606/20120915/lebanon-protesters-destroy-kentucky-fried-chicken-and-hardees-over-innocence-of-muslims-film-photos.htm
  12. Links about Izz as-Din al-Quassam The preacher - http://en.wikipedia.org/wiki/Izz_ad-Din_al-Qassam *Notes - The Levant includes most of modern Lebanon, Syria, Jordan, State of Palestine, Israel, Cyprus, Hatay Province of Turkey, some regions of northwestern Iraq and theSinai Peninsula.Links about the Cyber hacker group - http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/who-are-the-izz-ad-din-al-qassam-cyber-fightershttp://www.ehackingnews.com/2012/12/izz-ad-din-al-qassam-cyber-fighters.htmlPic from - http://www.standupamericaus.org/terror-jihad/cyber-fighters-of-izz-al-din-al-qassam-alert-to-banks-in-usa/
  13. Claim to have no current ties to Anonymous Collective nor any Nation State.Goal is to have the Anti-Muslim Video taken off of YouTubeAbabil (Persian) translates to Swallow Links for translation of ababil - http://en.wikipedia.org/wiki/Ghods_AbabilThe pic from - http://en.wikipedia.org/wiki/File:Hirundo_abyssinica.jpgClaims of Iranian involvement -http://betabeat.com/2012/09/iran-possibly-behind-operation-ababil-cyber-attacks-against-financial-institutions/http://features.rr.com/article/0coOckreSy1vL?q=Bank+of+America
  14. Pic taken from - http://news.yahoo.com/americas-failing-grade-cyber-attack-readiness-153640058--abc-news-topstories.html
  15. Data taken from internal doc.Phase 3 OpAbabil – Announced March 5th (ongoing) and expected to last 11 weeks. While Phase 3 is not in my presentation today . Encrypted Attacks are a BIG problem for the current protection in place.
  16. -Taken from internal report.
  17. -Taken from internal report.
  18. Reflective attack - Attackers send forged requests of some type to a very large number of computers that will reply to the requests. Using spoofed SRC IP’s of the victim, which means all the replies will go to (and flood) the target.
  19. -Stateful inspection in the DNS area is limited. Was in smartdefense at CP, but how many people use it?-The server is forced to respond with ICMP packets “Destination Unreachable” (ICMP type3 Code 3) for port closed when udp packet arrives.-Returning ICMP type 3 further saturate (Packet size in return will be close to received packet).
  20. -Internal data.
  21. -The SYN flood attack simply sends a high rate of SYN’s with spoofed IP’s and the server is left waiting for the ACK.-This means the attacker needs much fewer hosts to exhaust target machine because no session is actually kept alive on the “Attackers” side.-You exhaust the Backlog of the TCP stack (Linux default is 3mins and Win2k is 45 sec. for half open timeouts, these can be changed). So the server can no longer accept a new connection.-
  22. -Another reported attack technique that was allegedly used during this campaign is a custom version of the Mobile LOIC tool (aka Mobile LOIC - Apache Killer) which is designed to exploit a known vulnerability in Apache servers – corresponding to CVE-2011-3192.-This attack tool targets Apache servers using Apache HTTP server versions 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19.
  23. Target URL- Specifies the URL of the attacked target. Must start with http://. Requests per second-Specifies the number of desired requests to be sent per second. Append message-Specifies the content for the “msg” parameter to be sent within the URL of HTTP requests
  24. Resource internal.
  25. -This value is unique since it seems to contain a typo which is caused by placing the “User Agent:” string inside the user agent value itself.Resource internal.
  26. Internal resources.
  27. Resource internal.
  28. Trend toward assymetricatacks with obvious reason. The attacker is required to utilize few resources while exhausting the target by sending small requests which result in large and or cpu intensive replies.
  29. Identification: referrer (ask the audience)Iframe attack can be used to amplify a DDoS any site. For example, using the attack LOIC iframe (JavaScript) to amplify the attack.
  30. RUDY or ARE YOU DEAD YET exploits the HTTP POST method by sending POST with long form field submission. It injects one byte of data then waiting causes application threads to await for never ending posts to perform processing.
  31. Slowloris sends very slow HTTP Requests. The HTTP headers ares sent in tiny chunks as slowly as possible while the server si forced to wait for the headers to arrive. This causes many connections to be built up on the target server. Slowloris is cross platform, except for Windows due to a socket limitation (~130). Pyloris was developed to enable running on windows with a Python GUI).