Spike DDoS Toolkit: A Multiplatform Botnet Threat


©2014 AKAMAI | FASTER FORWARD TM

Overview
- The Spike DDoS toolkit is a Chinese botnet toolkit discovered in 2014
- Originally targeted at desktop Linux systems, Spike may also have payloads capable of targeting Windows
- Spike has the unique ability to infect Linux ARM systems, the small devices used for mobile systems and appliances
- Targeted devices include:
  - PCs
  - Servers
  - Routers
  - Internet of Things (IoT) devices such as smart thermostats and washer/dryers
  - Customer Premises Equipment (CPE) routing devices
  - Android phones and tablets

Toolkit Analysis
- Spike has a standard command-and-control panel to control the bots, binary payloads for infection, and DDoS payload builders
- The addition of an ARM payload suggests it may be targeting devices such as routers and IoT appliances
- Two of the payload builders target 32- and 64-bit Linux systems
- The third, Typhoon Builder, generates a 32-bit ARM Linux executable
- Evidence of the payloads being ported to Windows has surfaced
- The author uses Mr. Black as a pseudonym
- Can launch SYN, DNS, UDP, and GET floods

Toolkit Screenshot

Observed Attack
- Several campaigns have been reported against hosts in Asia and the U.S.
- Several Akamai customers have already been targeted
- One DDoS attack peaked at 215 Gbps and 150 Mpps

Attack Analysis
- Spike has four types of attacks: SYN, GET, UDP and DNS floods
- This assortment is fairly standard for malicious toolkits, and includes no new attack types
- Spike also claims to include an ICMP flood, but testing has revealed it to be nonfunctional due to poor coding
- The SYN, GET, UDP, and DNS floods are implemented simplistically, with no fundamentally new ideas
- However, the multiplatform nature of its infections allows it to build potentially massive botnets

System Hardening
- The multi-architecture malware code found in the kit increases its sophistication and complexity, requiring hardening measures for each targeted OS and platform
- PLXsert anticipates further infestation and the expansion of this DDoS botnet
- For more information, see the full threat advisory at stateoftheinternet.com, including a YARA rule for system hardening and a Snort rule for DDoS mitigation

Conclusion
- There is a rising trend in Asian botnet activity that has targeted Linux servers primarily, but is now diversifying to target Windows hosts, routers, CPE and ARM-compatible Linux distributions as well
- These botnets can thereby infect more machines and produce sizable attack campaigns
- New multiplatform DDoS kits require system administrators to thoroughly check and harden previously safe devices
- Spike does not use any new DDoS attacks; what it brings is diversity in infection
- Unless there is a significant community effort, Spike and its descendants are likely to spread further

Spike DDoS Toolkit Threat Advisory
The Spike DDoS Toolkit Threat Advisory includes DDoS mitigation details for enterprises, such as:
- Indicators of binary infection
- Command and control panel
- Toolkit variations
- Bot initialization
- DDoS payloads
- Details of an observed attack campaign
- DDoS mitigation techniques, including a SNORT rule to stop the GET flood attack
- System hardening resources
- YARA rule for preventing bot infection
Download the full report for free at
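The Attack Analysis slide describes Spike's GET flood as a simplistic, high-rate burst of ordinary requests, and the advisory ships a Snort rule against it. The script below is an added example, not code from the Akamai presentation or the advisory: it shows the log-side counterpart of such a rule for defenders who want to spot a GET flood in web-server access logs rather than on the wire. It parses Common Log Format lines, keeps a per-source sliding window of GET timestamps, and flags any source whose count inside the window exceeds a threshold. The log lines, IP addresses, window size and threshold are all constructed for the demonstration (RFC 5737 documentation addresses) and have no connection to the observed campaign.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format line, e.g.:
# 203.0.113.7 - - [10/Oct/2014:13:55:36 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path"),
    }


def detect_get_flood(lines, window_seconds=10, threshold=30):
    """Flag sources whose GET count within a trailing window exceeds threshold.

    Returns {source_ip: peak_requests_in_window}. Malformed lines and
    non-GET requests are ignored; records are sorted by time so an
    out-of-order log does not break the window logic.
    """
    records = [r for r in map(parse_line, lines) if r and r["method"] == "GET"]
    records.sort(key=lambda r: r["ts"])
    window = defaultdict(deque)  # per-source timestamps still inside the window
    flagged = {}
    for rec in records:
        q = window[rec["ip"]]
        q.append(rec["ts"])
        # Drop timestamps that have fallen out of the trailing window.
        while (rec["ts"] - q[0]) > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) > threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


def _clf(ip, t, method="GET", path="/"):
    """Format a constructed Common Log Format line (hypothetical helper)."""
    return f'{ip} - - [{t.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed sample, not real traffic: one source sends 50 GETs in 5 s,
    a normal client sends one request every 10 s, plus one malformed line."""
    base = datetime(2014, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
    lines = [_clf("203.0.113.7", base + timedelta(seconds=i // 10)) for i in range(50)]
    lines += [_clf("203.0.113.55", base + timedelta(seconds=10 * j), path="/index.html")
              for j in range(5)]
    lines.append("this line is not in Common Log Format")
    return lines


if __name__ == "__main__":
    for ip, peak in detect_get_flood(build_sample_log()).items():
        print(f"possible GET flood from {ip}: {peak} requests in a 10 s window")
```

The threshold and window are tuning knobs: a real deployment would set them from a baseline of normal per-client request rates, and would feed the flagged sources into a rate limiter or ACL rather than only printing them. A signature-based Snort rule like the one in the advisory catches the specific toolkit's request pattern; a rate detector like this one is the complementary, pattern-independent check.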

About StateOfTheInternet.com
StateoftheInternet.com, brought to you by Akamai, serves as the home for content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats. Visitors to stateoftheinternet.com can find current and archived versions of Akamai's State of the Internet (Connectivity and Security) reports, the company's data visualizations and other resources designed to help put context around the ever-changing Internet landscape.