Radware Global Application & Network Security Report 2013

Cyber Security Statistics
About the 2013 Report

Key Findings & Trends
Attack Tools Trends

Notable Attacks
Recommendations

AGENDA

DoS/DDoS – Most Common Cyber Attack
Malware iFrame Injection
1%
3%
Other
DNS Hijacking
7%
3%
DDoS
28%

Targeted attack
(Various tools)
7%
Account
Hijacking
11%

Defacement
17%

SQLi
23%

Source: 2013 Cyber Attacks Trends, Hackmagedon

3

DoS/DDoS – Most Common Cyber Attack
Malware iFrame Injection
1%
3%
Other
DNS Hijacking
7%
3%
DDoS
28%

Targeted attack
(Various tools)
7%

28%
Account
Hijacking
11%

Defacement
17%

of all cyber attacks in
2013 involved a
DoS/DDoS attack.

SQLi
23%

Source: 2013 Cyber Attacks Trends, Hackmagedon

4

DDOS and Unplanned Outages in 2013
UPS system failure
Accidental/human error
Cyber crime (DDoS)
Weather related

2010
2013

Water, heat or CRAC failure
Generator failure
IT equipment failure
Other
0%

5%

10%

15%

20%

25%

30%

Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013

35%

5

DDOS and Unplanned Outages in 2013
UPS system failure

Root Causes
Accidental/human error

of
Unplanned Outages
Cyber crime (DDoS)
Weather related

18%


Generator failure

of unplanned outages
in 2013 were due to
DoS/DDoS attacks.

2010
2013

Other
0%

5%

10%

15%

20%

25%

30%


35%

6

Cost of a DoS/DDoS Outage

Cyber crime (DDoS)

UPS system failure
2010
2013

Generator failure
Weather related
$0

$200

$400

$600

$800

$1,000

$1,200


7

Cost of a DoS/DDoS Outage


Cost of unplanned outage

Cyber crime (DDoS)

$822,000

UPS system failure

2010
2013


Cost of
Generator failure a

single DoS/DDoS attack
that causes unplanned outage.

Weather related
$0

$200

$400

$600

$800

$1,000

$1,200


8

Methodology and Sources
Security Industry Survey
– External survey
– 198 participants
– 93.8% are not using Radware
DoS/DDoS mitigation solution

Security Executive Survey
– External survey
– 15 participants

Radware’s Emergency Response
Team (ERT) 2013 Cases
– Unique visibility into attacks
behavior
– Attacks seen real-time on daily
basis
– More than 300 cases analyzed
•

Customer identity remains
undisclosed

10

The Unseen DoS/DDoS Attacks – Key Findings
•

60% of attacks result in service degradation
– Organizations’ attention is on the outage cases
– Web application slowness and degradation of service has devastating
outcomes

•

ERT has identified a new set of attacks called “Web Stealth”
– Availability based attacks targeting the Web application
– Harder to detect by traditional network security and
DoS/DDoS mitigation tools

•

Attackers shorten the time in takes them to bypass mitigation tools

12

Feb/July 2013
USA
Operation Ababil

March 2013
The Netherlands
Spamhaus

November 2013
Ukraine & Baltic Countries
Operation “Opindependence”

The biggest DDoS attack ever

Targeting financial institutions

August 2013
Syria
Syrian Electronic Army
attacking US media outlets

June 2013
South Korea
South Korea governement
websites under attacks

July 2013
Colombia
The Colombian
Independence Day Attack

13

Radware DoS/DDoS Risk Score

Attack Duration

Attack Vectors

Attack Complexity

S1
16

Attack Length: Increasing Duration

17

DDoS Attacks are Not Singular Events

18

Attack Vectors: Increasing Complexity

19

Attackers Shorten Time to Bypass Mitigation Tools

“Peace” Period

Pre-attack
Phase

Post-attack
Phase

Pre-attack
Phase

Post-attack
Phase

20

2013 Attack Vectors

More than 50% of 2013 DDoS attacks
had more than 5 attack vectors.

21

2012 – 2013 Trend: Diversity of Attacks

22

Web Stealth Attacks
•
•

More than HTTP floods
Dynamic IP addresses
– High distributed attack
– Attacks using Anonymizers / Proxy
– Attacks passing CDNs

•
•
•

Attacks that are being obfuscated by SSL
Attacks with the ability to pass C/R
Attacks that use low-traffic volume but saturate
servers’ resources

23

Web Stealth Attacks

•
•

Flood of Search requests will look legitimate
to network protection tools
Creates resource saturation on app-server

Attacks on Login Pages are
destructive
• Based on SSL
• No load-balancing yet

24

Bypassing CDN Protection

Botnet

Enterprise

GET www.enterprise.com/?[Random]

CDN
25

Network Topology and DDoS Attacks

Server components that are likely to be attacked by DDoS attacks.
26

DDoS Attacks Results

Public attention

27

DDoS Attacks Results

Public attention

Results of one-second delay in
Web page results

3.5%
2.1%
9.4%
8.3%

decrease in conversion rate
decrease in shopping cart size
decrease in page views

increase in bounce rate
Source: Strangeloop Networks, Case Study:
The impact of HTML delay on mobile business metrics, November 2011

28

Organizations are Adapting DDoS Mitigation Tools

29

Organizations are Adapting DDoS Mitigation Tools

Only 29% of organizations surveyed do

not have plans to deploy DDoS
mitigation tools in 2014.

30

HTTPS Based Attacks
•
•
•
•

HTTPS based attacks are on the rise
SSL traffic is not terminated by DDoS cloud scrubbers or DDoS solutions
SSL traffic is terminated by ADC or web server
SSL attacks hit their target and bypass security solutions

32

DNS Based Attacks
• Most frequently used attack vector
• Amplification affect
•
•
•

Regular DNS replies: in DNS – a normal reply is 3-4 times larger than the
request
Researched replies – can reach up to 10 times the original request
Crafted replies – attacker compromises a DNS server and ensures
requests are answered with the maximum DNS reply message (4096
bytes) - amplification factor of up to 100 times

33

DNS Based Attacks – The Recursive Attack

34

Login Page Attacks

40% of organizations have been attacked by
Login Page attack in 2013.

35

Web Stealth Attacks

Attacks on Login Pages are
Destructive
• Based on SSL
• No load-balancing yet

36

Implications of Login Page Attacks

37

“Innocence of Muslims” Movie

July 12, 2012
“Innocence of Muslims”
trailer released on YouTube

September 11, 2012
World-wide protest against the movie resulting
in the deaths of 50 people

39

Operation Ababil Background

40

Operation Ababil

Group name is “Izz ad-din
The cyber attack
is an act to stop
the movie

Al qassam cyber fighters”

First targets
•
•

Bank of America
NYSE
41

Operation Ababil Target Organizations

Financial Service Providers

43

Operation Ababil Attack Vectors

44

Overcoming HTTP Challenges

302 Redirect
Challenge

JS Challenge

Special Challenge

Kamikaze

Pass

Not pass

Not pass

Kamina

Pass

Not pass

Not pass

Terminator

Pass

Pass

Not pass

Script

45

Operation Op Columbian
• Large scale cyber attack held on July 20,2013
• Colombian Independence
• Largest cyber attacks, ever
• Attack against 30 Colombian government websites
• Attacker: Columbian Hackers
• Known hacker collective group
• Group used Twitter to communicate

Government

46

Op Colombia Attack Vectors

Web
Stealth

Application

Directory
traversal

Brute force
SQL
Injection

Network
SYN
floods

HTTP
Flood

UDP
floods
ICMP
floods

47

Spamhaus Attack
• Nine day volumetric attack
• Broke the ceiling of 100 GBPs
• Attack reached bandwidth of 300 GBPs
• Target: Anti-spam organization providing Internet service
• Attacker: CyberBunker and Sven Olaf Kamphuis

Internet Service Provider

48

DDoS Mitigation Selection Criteria

Time to protection
• The cost of a DDoS attack is significant
• The sooner the attack is over, the sooner the revenue loss
will stop

Attacks coverage
• Attackers are using a plethora of attack vectors
• More than 50% of attacks include more than 5 vectors

Single point of contact in case of attack
• Attacks are becoming longer and require manual
operations to mitigate

51

Recommendations

•
•
•
•
•

Acquire capabilities to sustain long attacks
Train a team that is ready to respond to persistent attacks
Deploy the most up-to-date methodologies and tools
24/7 availability to respond to attacks
Deploy counterattack techniques to cripple an attack

52

Radware Global Application & Network Security Report 2013

Recomendados

Recomendados

Mais conteúdo relacionado

Mais de Radware

Mais de Radware (20)

Último

Último (20)

Radware Global Application & Network Security Report 2013