Debunking Myths About DDoS Attacks: Radware 2011 Global Security Report

Mick Stephens, General Manager - Australia & New Zealand, Radware Ltd.
March 2012

AGENDA

• About 2011 Global Security Report
• Key Findings:
  – Debunking a Myth: Does Size Matter?
  – Hacktivism, the Rise of Anonymous and Attack Campaigns.
• ERT Case Studies: Cyber Attacks against Israeli websites
• 2012 Recommendations

2011 Global Application & Network Security Report

Information Resources

• Radware Security Survey
  – External survey
  – 135 participant organisations
  – 80% are not using Radware DoS mitigation solution
• ERT Survey
  – Internal survey
  – Unique visibility into attack behaviour
  – 40 selected cases
• Customer identity remains undisclosed

[Chart: Annual revenue of participants]

ERT gets to see attacks in real time on a daily basis

Debunking a Myth: Is Size all that Matters?

• DDoS attacks are portrayed in the media using size measures
  – “a 10Gbps DDoS attack hit site X”
  – “an 8 Million packet-per-second DDoS flooded site Y”
• Numbers are easy to understand
• Should one rely on these numbers when planning network security solutions?

Size does not matter!

• Reality:
  – Most organizations may never experience an intense attack
  – Less intensive application attacks can cause more damage than network attacks

76 percent of the attacks surveyed were under 1Gbps

The impact of application flood attacks is much more severe than that of network flood attacks

Network Attack and Application Attack Coexist

• Radware Security Survey: Attack count by type and bandwidth

Lessons learned

• Understand the DoS attack landscape.
  – Type of attacks
  – Megabits-per-second
  – New & concurrent connections-per-second
  – Transactions-per-second
  – Size is only one measurement dimension

Hacktivism and the Rise of Anonymous

Anonymous Opens Fire - “Operation Payback”, Dec 2010

[Image labels: LOIC DoS Tool; “STOP Attack!”; Cablegate]

Anonymous Attacks Grow

More Organizations Are Threatened by DoS

DDoS Attack Tools Become Prevalent

Mobile LOIC, LOIC, webLOIC

Public Attacks / ‘Inner Circle’ Attacks

• Network: UDP Floods, SYN Floods, Fragmented floods, FIN+ACK
• Application Flood: Dynamic HTTP, HTTPS Floods
• Low & Slow: RUDY, Slowloris, Pyloris
• Vulnerability based: Intrusion attempts, SQL Injection, #refref, xerex

Which Elements Are Bottlenecks For DDoS?

• Stateful devices are vulnerable to DDoS (36% of the attacks)
• Internet link is saturated (27% of the attacks)

Multi-Vulnerability Attack Campaigns

Business (diagram label)

• Large volume network flood attacks
• Directed Application DoS attack: Slowloris
• Large volume SYN flood
• Connection DoS attacks
• HTTP & HTTPS flood attacks

70% of the 2011 attacks had 5 or more attack vectors

Lessons learned

1. You may be a target.
  – Financial service providers.
  – eCommerce site
  – Government agency
  – Affiliated with copyright industry
  – National brand
2. Get ready!
  – Be prepared for Multi-Vulnerability Attack Campaigns.
  – Test your security solutions against the tools.
3. Deploy DDoS Protection from your service provider
  – Mitigate volumetric attacks that may saturate your bandwidth
4. Deploy anti-DoS and network behavioral technologies on site in front of the firewall
  – To protect your IT infrastructure from becoming bottlenecks

Cyber Attacks against Israeli websites

Course Of Events

• January 3rd: Saudi hacker 0xOmar leaks tens of thousands of Israeli credit card numbers and other sensitive personal information.
• January 16th, early morning: 0xOmar and the associated “Nightmare” hacker group send an email to the Jerusalem Post, threatening to attack the EL-AL website.
• 9:30 AM: EL-AL, Tel-Aviv Stock Exchange, First International Bank of Israel and Discount Bank websites are attacked and are unavailable for hours.
• January 17th: Israeli hacker group “IDF-Team” retaliates by attacking the Saudi and UAE stock exchange websites.
• January 18th: More Israeli websites targeted: Bank of Israel website under attack.

Cyber Attacks against Israeli websites

Targets under attack

• In the following weeks, dozens of Israeli web sites were attacked by these hacker groups
• A Cyber War emerged…

Cyber Attacks against Israeli websites

Verified Attackers

• Attacks were highly distributed
• Generated by an international collective or a botnet
• Geo-IP blocking is rendered useless

End-to-end solution countering the DDoS threat

[Diagram labels: Attack Mitigation System; ISP Core Network; In-the-cloud Anti-DoS Service; Internet; Customer site; Anti-DoS; NBA; IPS; SSL attacks Protection]

On-premises protection against:

• Application DDoS attacks
• SSL based attacks
• Low & Slow attacks

In-the-cloud protection against:

• Volumetric bandwidth attacks

2012 Recommendations

ERT recommendations to fight DoS/DDoS attacks:

• Understand the DoS threat landscape.
  – Collect information about the tools and types of attacks.
  – Perform risk analysis at the business level.
• Make sure your service provider can mitigate volumetric attacks.
• Deploy Anti-DoS and Network Behavioral technologies on-premises.

Thank You

www.radware.com