The 2013 Global Application and Network Security Report provides insight to help detect, mitigate and win the extended and persistent DoS/DDoS battle. Click through the key findings for cyber security statistics, trends, tools and information on the year's most notable attacks. To download the full report, please visit: http://www.radware.com/ert-report-2013/
2. AGENDA
• Cyber Security Statistics
• About the 2013 Report
• Key Findings & Trends
• Attack Tools Trends
• Notable Attacks
• Recommendations
3. DoS/DDoS – Most Common Cyber Attack
[Pie chart: DDoS 28%, SQLi 23%, Defacement 17%, Account Hijacking 11%, Targeted attack (Various tools) 7%; remaining slices: Malware iFrame Injection, DNS Hijacking, Other]
Source: 2013 Cyber Attacks Trends, Hackmagedon
4. DoS/DDoS – Most Common Cyber Attack
28% of all cyber attacks in 2013 involved a DoS/DDoS attack.
Source: 2013 Cyber Attacks Trends, Hackmagedon
5. DDOS and Unplanned Outages in 2013
[Bar chart, 2010 vs. 2013, axis 0% to 35%: UPS system failure; Accidental/human error; Cyber crime (DDoS); Weather related; Water, heat or CRAC failure; Generator failure; IT equipment failure; Other]
Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
6. DDOS and Unplanned Outages in 2013
Root Causes of Unplanned Outages
[Bar chart, 2010 vs. 2013, axis 0% to 35%]
18% of unplanned outages in 2013 were due to DoS/DDoS attacks.
Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
7. Cost of a DoS/DDoS Outage
[Bar chart, 2010 vs. 2013, axis $0 to $1,200: IT equipment failure; Cyber crime (DDoS); UPS system failure; Water, heat or CRAC failure; Generator failure; Weather related]
Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
8. Cost of a DoS/DDoS Outage
[Bar chart “Cost of unplanned outage”, 2010 vs. 2013, axis $0 to $1,200]
$822,000: cost of a single DoS/DDoS attack that causes an unplanned outage.
Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
10. Methodology and Sources
Security Industry Survey
– External survey
– 198 participants
– 93.8% are not using Radware DoS/DDoS mitigation solution
Security Executive Survey
– External survey
– 15 participants
Radware’s Emergency Response Team (ERT) 2013 Cases
– Unique visibility into attack behavior
– Attacks seen in real time on a daily basis
– More than 300 cases analyzed
• Customer identity remains undisclosed
12. The Unseen DoS/DDoS Attacks – Key Findings
• 60% of attacks result in service degradation
– Organizations’ attention is on the outage cases
– Web application slowness and degradation of service have devastating outcomes
• ERT has identified a new set of attacks called “Web Stealth”
– Availability based attacks targeting the Web application
– Harder to detect by traditional network security and DoS/DDoS mitigation tools
• Attackers shorten the time it takes them to bypass mitigation tools
13.
Feb/July 2013, USA: Operation Ababil
March 2013, The Netherlands: Spamhaus
November 2013, Ukraine & Baltic Countries: Operation “Opindependence”
The biggest DDoS attack ever
Targeting financial institutions
August 2013, Syria: Syrian Electronic Army attacking US media outlets
June 2013, South Korea: South Korea government websites under attack
July 2013, Colombia: The Colombian Independence Day Attack
23. Web Stealth Attacks
• More than HTTP floods
• Dynamic IP addresses
– Highly distributed attack
– Attacks using Anonymizers / Proxy
– Attacks passing CDNs
• Attacks that are being obfuscated by SSL
• Attacks with the ability to pass C/R
• Attacks that use low-traffic volume but saturate servers’ resources
24. Web Stealth Attacks
• Flood of Search requests will look legitimate to network protection tools
• Creates resource saturation on app-server
Attacks on Login Pages are destructive
• Based on SSL
• No load-balancing yet
28. DDoS Attacks Results
Public attention
Results of one-second delay in Web page results
• 3.5% decrease in conversion rate
• 2.1% decrease in shopping cart size
• 9.4% decrease in page views
• 8.3% increase in bounce rate
Source: Strangeloop Networks, Case Study: The impact of HTML delay on mobile business metrics, November 2011
30. Organizations are Adapting DDoS Mitigation Tools
Only 29% of organizations surveyed do not have plans to deploy DDoS mitigation tools in 2014.
32. HTTPS Based Attacks
• HTTPS based attacks are on the rise
• SSL traffic is not terminated by DDoS cloud scrubbers or DDoS solutions
• SSL traffic is terminated by ADC or web server
• SSL attacks hit their target and bypass security solutions
33. DNS Based Attacks
• Most frequently used attack vector
• Amplification effect
• Regular DNS replies: in DNS, a normal reply is 3-4 times larger than the request
• Researched replies: can reach up to 10 times the original request
• Crafted replies: attacker compromises a DNS server and ensures requests are answered with the maximum DNS reply message (4096 bytes), an amplification factor of up to 100 times
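The amplification tiers on the DNS slide can be measured from a resolver's own logs. The following is an added example, not part of the original deck: it pairs each query with its reply and reports the reply/request byte ratio per client. The log format, the sample lines and the tier cut-offs (4x and 10x, taken from the slide's figures) are assumptions.

```python
from collections import defaultdict

# Constructed resolver log (not from the report):
# time, direction (Q=query, R=reply), client IP, transaction id, bytes
SAMPLE_LOG = """\
0.001 Q 198.51.100.7 0x1a2b 40
0.002 R 198.51.100.7 0x1a2b 140
0.010 Q 203.0.113.9 0x0001 41
0.011 R 203.0.113.9 0x0001 4096
0.012 Q 203.0.113.9 0x0002 41
0.013 R 203.0.113.9 0x0002 4096
0.020 Q 192.0.2.33 0x7777 45
0.021 R 192.0.2.33 0x7777 380
"""

MAX_REPLY = 4096  # maximum DNS reply size quoted on the slide


def tier(ratio):
    """Map a reply/request ratio onto the slide's three classes (assumed cut-offs)."""
    if ratio <= 4:
        return "regular"
    if ratio <= 10:
        return "researched"
    return "crafted"


def analyse(log_text):
    """Return per-client amplification statistics from query/reply pairs."""
    pending = {}  # (client, txid) -> query size awaiting its reply
    stats = defaultdict(lambda: {"req": 0, "rep": 0, "max_sized": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, direction, client, txid, size = line.split()
        size, key = int(size), (client, txid)
        if direction == "Q":
            pending[key] = size
        elif direction == "R" and key in pending:  # replies with no query are skipped
            s = stats[client]
            s["req"] += pending.pop(key)
            s["rep"] += size
            s["max_sized"] += size >= MAX_REPLY
    report = {}
    for client, s in stats.items():
        ratio = s["rep"] / s["req"]
        report[client] = {"ratio": round(ratio, 1), "tier": tier(ratio),
                          "max_sized": s["max_sized"], "reply_bytes": s["rep"]}
    return report


if __name__ == "__main__":
    for client, row in analyse(SAMPLE_LOG).items():
        print(client, row)
```

A client address that repeatedly draws maximum-size replies is a candidate for response rate limiting on the resolver, since in a reflection attack that address is the spoofed victim rather than the real sender.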
39. “Innocence of Muslims” Movie
July 12, 2012: “Innocence of Muslims” trailer released on YouTube
September 11, 2012: World-wide protest against the movie resulting in the deaths of 50 people
41. Operation Ababil
Group name is “Izz ad-din Al qassam cyber fighters”
The cyber attack is an act to stop the movie
First targets
• Bank of America
• NYSE
45. Overcoming HTTP Challenges
Script | 302 Redirect Challenge | JS Challenge | Special Challenge
Kamikaze | Pass | Not pass | Not pass
Kamina | Pass | Not pass | Not pass
Terminator | Pass | Pass | Not pass
46. Operation Op Columbian
• Large scale cyber attack held on July 20, 2013
• Colombian Independence
• Largest cyber attacks, ever
• Attack against 30 Colombian government websites
• Attacker: Columbian Hackers
• Known hacker collective group
• Group used Twitter to communicate
Government
47. Op Colombia Attack Vectors
Web Stealth
Application
Directory traversal
Brute force
SQL Injection
Network
SYN floods
HTTP Flood
UDP floods
ICMP floods
48. Spamhaus Attack
• Nine day volumetric attack
• Broke the ceiling of 100 Gbps
• Attack reached bandwidth of 300 Gbps
• Target: Anti-spam organization providing Internet service
• Attacker: CyberBunker and Sven Olaf Kamphuis
Internet Service Provider
51. DDoS Mitigation Selection Criteria
Time to protection
• The cost of a DDoS attack is significant
• The sooner the attack is over, the sooner the revenue loss will stop
Attacks coverage
• Attackers are using a plethora of attack vectors
• More than 50% of attacks include more than 5 vectors
Single point of contact in case of attack
• Attacks are becoming longer and require manual operations to mitigate
52. Recommendations
• Acquire capabilities to sustain long attacks
• Train a team that is ready to respond to persistent attacks
• Deploy the most up-to-date methodologies and tools
• 24/7 availability to respond to attacks
• Deploy counterattack techniques to cripple an attack