Attacchi informatici: Strategie e tecniche per capire ... · Attacchi informatici: Strategie e...

Attacchi informatici:Strategie e tecniche per capire, prevenire e proteggersi dagli attacchi della rete

Analisi degli attacchi DDOS e delle contromisure

Alessandro Tagliarino

06 Novembre 2017

6 Novembre 2017

Alessandro Tagliarino – Presales Team Leader

pag. 2

WHOISARBORNETWORKS?

100%Percentageofworld’sTier1serviceproviderswhoareArborcustomers

>110NumberofcountrieswithArborproductsdeployed

25% AmountofglobaltrafficmonitoredbytheATLAS securityintelligenceinitiativerightnow!

#1

ArbormarketpositioninCarrier,EnterpriseandMobileDDoSequipmentmarketsegments

NumberofyearsArborhasbeendeliveringinnovativesecurityandnetworkvisibilitytechnologies&products17

http://Digitalattackmap.com

6 Novembre 2017


pag. 3

This presentation provides a summary of the results of ArborNetworks’ 12th annual Worldwide Infrastructure Security Report(WISR)

The WISR documents the collective experiences, observations andconcerns of the operational security community in 2016 plusforecasts for the coming year

The WISR has changed immeasurably in terms of its scope andscale over 12 years, but the core goal is still to provide real insightinto infrastructure security from an operational perspective

Overview

6 Novembre 2017


pag. 4

SurveyDemographics

• SPrespondents:51%Tier2/3operators&25%Tier1• EGErespondent:61%enterprise,35%education&14%government

• Enterprise:32%banking/financeupfrom18%lastyear.• Technology,automotive/transportationandmanufacturingarealsowellrepresented,

roundingoutthetop4• GeographicSplit:32%NorthAmerica,28%Europe,23%APAC,10%MiddleEast/Africa&7%LATAM

6 Novembre 2017


pag. 5

ThingsYouShouldKnowAboutDDoSAttacks

• ItsneverbeeneasiertolaunchaDDoSattack.

• DDoSattacksareincreasinginsize,frequencyandcomplexity.

• DDoSattacksareusedassmokescreensorformsofdiversionduringadvancedthreatcampaigns2.

• OneOftheTop3causesofunplannedoutages,DDoSattacks

arethemostcostlytoanorganization3

DidYouKnow?For$5/hr anyone canlaunch

aDDoSattackancause$100sKindamage

…DDoSattacksizeincreasing1

…IncreaseindemandforDDoSProtection

services1

…experiencedmulti-vectoredattacks1

$5:$100sKDDoSforHire

74% …involvedDDOSasadiversion2

800Gbps

42%

78%

6 Novembre 2017


pag. 6

Scale:VolumetricAttacksIncrease

• Largestattackreportedwas800Gbps withotherrespondentsreportingattacksof600Gbps,550Gbps,and500Gbps

• Onethirdofrespondentsreportpeakattacksover100Gbps

• 41%ofEGErespondentsand61%ofdata-centeroperatorsreportedattacksexceedingtheirtotalInternetcapacity

6 Novembre 2017


pag. 7

Scale:TheATLASPerspective

• Peakmonitoredattackof579Gbps,73%growthfrom2015

• 558attacksover100Gbps,87over200Gbps

– Comparedto223and16in2015• 20%ofattacksover1Gbps,as

opposedto16%in2015• Averageattackssizenow931Mbps,

upfrom760Mbps,a23%increase

6 Novembre 2017


pag. 8

Scale:DrivingFactors,IoT

TheResult• Firsthigh-profileattackusingIoT devicesChristmas2013,usingCPEandwebcams• In2016BotnetownersstartedtorecruitIoT devicesen mass• Attacksof540GbpsagainsttheOlympics,620GbpsagainstKrebs,Dyn etc..

TheProblem• Almosteverypieceoftechnologywebuyis

‘connected’• Devicesaredesignedtobeeasytodeploy

anduse,oftenresultinginlimitedsecuritycapabilities

• Softwareisveryrarelyupgraded.Somemanufacturersdon’tprovideupdates,ortheabilitytoinstallupdates

6 Novembre 2017


pag. 9

Scale:DrivingFactors,Mirai

• BillionsofIoT devicesconnectedtotheInternet

– Estimatesvary,5B+,withmillionsaddedeveryday

• ArborhoneypotdeviceslookforexploitactivityonTelnet/SSHports

• 1Mloginattemptsfrom11/29to12/12from92KuniqueIPaddresses

• Morethan1attemptperminuteinsomeregions

Mirai isdesignedtoinfectandcontrolIoT devicesandcontainsthecodenecessarytomanageandbuildlarge-scalebotnets

6 Novembre 2017


pag. 10

Scale:Driving Factors,ReflectionAmplification

• ReflectionAmplificationattackscontinue,buttherehasbeensomecyclicchangeintheprotocolsfavoredbyattackers.

• StronggrowthintheuseofDNS(again)through2016

• Largestmonitoredattackof498.3Gbs,a97%jumpfromlastyear

– DNSandNTPattacksover400Gbps,Chargen over200Gbps

6 Novembre 2017


pag. 11

Complexity:AttackTypes

• VolumetricattacksstillrepresentthemajorityofactivityforbothSPandEGErespondents.• 95%ofSPreportapplicationslayerattacks,93%lastyear,90%in2014• 67%ofSPreportmulti-vectorattacks,56%lastyear,32%in2014

ServiceProviderAttackTypes EGEAttackTypes

6 Novembre 2017


pag. 12

Complexity:TargetedServices

• DNSandHTTPthemostcommonservicestargetedbyapplicationlayerattacks• MajorityofSPandEGErespondentsalsoseeattackstargetingHTTPS• 57%ofEGErespondentsseeattackstargetingtheapplicationbehindHTTPS

– Muchhigherthanthe22%seenbySPs– Ciphersuitesthatpreventtrafficinspectionareakeyproblem

EGEServiceTargets

SPServiceTargets

6 Novembre 2017


pag. 13

Frequency:UpAcrosstheBoardEGE

• 53%ofSPsseemorethan51attackspermonth,upfrom44%• 21%ofdata-centersseemorethan50attackspermonth,upfrom8%• 45%ofEGEseemorethan10attackspermonth,upfrom28%• ATLASistracking135,000Volumetricattacksperweek.

6 Novembre 2017


pag. 14

Motivations:ManyandVaried

• SPsseeOnlineGamingandHackivism astopmotivations

• EGEseeIdeologicalHacktivismandExtortionastop

• 26%ofEGEseeDDoSfordistraction,upfrom12%

6 Novembre 2017


pag. 15

Impact:Targets

• SPsseeGovernment,FinanceandHostingastoptargets

• SPsseeingattacksoncloudservicesdropsfromonethirdtoonequarter

• 42%ofEGErespondentsexperiencedanattack

– 63%offinance,upfrom45%

– 53%ofgovernment,upfrom43%

6 Novembre 2017


pag. 16

Impact:DataCenter

• Nearlythreequartersofdatacenterrespondentssawbetween1and20attacksthatimpactedtheirservicein2016

• Operationalexpensesaretopbusinessimpact

• Significantincreaseinrevenueloss,upfrom33%to42%

• 23%estimatecostofasignificantattackover$100K,5%estimateover$1M

6 Novembre 2017


pag. 17

Mitigation:SPsContinuetoImpress

• 83%ofSPsuseIDMStomitigateDDoSattacks– UseofIDMSandD/RTBHarebothincreasing

• 77%ofSPsmitigateattackinlessthan20minutes– 27%mitigateautomatically

• 78%ofSPsseemoredemandfromcustomers,up4percentoverlastyear– Government,Finance,eCommerce andHostingaredrivingdemand

6 Novembre 2017


pag. 18

Mitigation:DataCenterImproves

• 60%useIDMS• 40%usefirewalls

– downfrom71%

6 Novembre 2017


pag. 19

titolo

Mitigation:EGEImproves

• Firewalls,IPS/WAFandACLsmostcommon

• 35%usecloudDDoSmitigation– Upfrom28%

• 30%uselayeredDDoSmitigation– Upfrom23%

6 Novembre 2017


pag. 20

SPOrganizationalSecurity

• NearlyhalfofSPsnowimplementanti-spoofingfilters• RehearsingDDoSattackprocessesandproceduresiskey

• 10%increaseinSPsrunningsimulations,37%dothisquarterly• EGE55%nowrunsimulations,40%dothisquarterly

• DifficultyinhiringandretainingpersonnelremainsakeyissueforbothSPandEGErespondents

6 Novembre 2017


pag. 21

titolo

Q&A

Attacchi informatici: Strategie e tecniche per capire ... · Attacchi informatici: Strategie e...

Documents

Transcript of Attacchi informatici: Strategie e tecniche per capire ... · Attacchi informatici: Strategie e...