It’s Not Just You! Your Site Looks Down From Here Santo Hartono, ANZ Country Manager March 2014 Latest Trends in Cyber Security

Radware Global Network and Application Security Report

Slide 3 Radware’s ERT 2013 Cases Unique visibility into attacks behavior Attacks monitored in real-time on a daily basis More than 300 cases analyzed –Customers identity remains undisclosed

The Threat Landscape DDoS is the most common attack method! Attacks last longer Government and Financial Services are the most attacked vectors Multi-vector trend continues Slide 4

DDoS Attacks Results Public attention 3.5% Results of one-second delay in Web page loading: decrease in conversion rate 2.1% decrease in shopping cart size 9.4% decrease in page views 8.3% increase in bounce rate Source: Strangeloop Networks, Case Study: The impact of HTML delay on mobile business metrics, November 2011 Slide 5

App Misuse DDoS Attack Vectors Large volume network flood attacks Network Scan Syn Floods SSL Floods “Low & Slow” DoS attacks (e.g.Sockstress) HTTP Floods Brute Force Slide 6 Internet Pipe Firewall IPS/IDS ADC Attacked Server SQL Server Connection Floods

2013 Attack Tools Trends

Attack Vectors Used Slide 8

Reflective Amplification Attacks on the Rise Slide 9 Easier to create Based on UDP protocol –Targeted protocols: DNS, NTP, SNMP –UDP connectionless nature enables to spoof the IP Address Key feature in creating reflective attack Obfuscates attacker real identity (IP address) Amplification affect: 8 – 650 times larger than originated message

DNS Based Attacks Most frequently used attack vector Amplification affect –Regular DNS replies - a normal reply is 3-4 times larger than the request –Researched replies – can reach up to 10 times the original request –Crafted replies – attacker compromises a DNS server and ensures requests are answered with the maximum DNS reply message (4096 bytes) - amplification factor of up to 100 times Slide 10

Nine day volumetric attack First to break the ceiling of 100 Gbps –Attack reached bandwidth of 300 Gbps Target: Anti-spam organization providing Internet service Attacker: CyberBunker and Sven Olaf Kamphuis Internet Service Provider Notable Amplification Attack: Spamhaus Slide 11

Harder to Detect: Web Stealth Attacks Slide 12 More than HTTP floods Dynamic IP addresses –High distributed attack –Attacks using Anonymizers / Proxy –Attacks passing CDNs Attacks that are being obfuscated by SSL Attacks with the ability to pass C/R Attacks that use low-traffic volume but saturate servers’ resources

Attacks on Login Page are Destructive Cause a DB search Based on SSL No load-balancing yet Attacks on Login Page are Destructive Cause a DB search Based on SSL No load-balancing yet Web Stealth Attacks Slide 13

Implications of Login Page Attacks Slide 14

Login Page Attacks Over 40% of organizations have experienced Login Page Attack in 2013 Slide 15

Behind the Scenes of Notable Attacks: Operation Ababil

“Innocence of Muslims” Movie July 12, 2012 “Innocence of Muslims” trailer released on YouTube September 11, 2012 World-wide protest against the movie resulting in the deaths of 50 people September 18, 2012 Operation Ababil begins Slide 17

Operation Ababil Background July 12, 2012 “Innocence of Muslims” trailer released on YouTube September 11, 2012 World-wide protest against the movie resulting in the deaths of 50 people Slide 18

Operation Ababil The cyber attack is an act to stop the movie First targets Bank of America NYSE First targets Bank of America NYSE Group name is “Izz ad-din Al Qassam cyber fighters” Slide 19

Operation Ababil Timeline Slide 20

Operation Ababil Target Organizations Financial Service Providers Slide 21

Operation Ababil Attack Vectors Slide 22

Overcoming HTTP Challenges Slide 23

Attackers Shorten Time to Bypass Mitigation Tools “Peace” Period Pre-attack Phase Post-attack Phase Pre-attack Phase Post-attack Phase Slide 24

Fighting Cyber Attacks: Best Practices

Building the Strategy Slide 26 DON’T assume that you’re not a target BUILD your protection strategy and tactics LEARN from the mistakes of others DON’T assume that you’re not a target BUILD your protection strategy and tactics LEARN from the mistakes of others

Adding Tactics Slide 27 Don’t believe the DDoS protection propaganda – Test instead Understand the limitations of cloud-based scrubbing solutions Not all networking and security appliance solutions were created equal Don’t believe the DDoS protection propaganda – Test instead Understand the limitations of cloud-based scrubbing solutions Not all networking and security appliance solutions were created equal

You Can’t Defend Against Attacks You Can’t Detect Encrypted Low & Slow Encrypted DoS Vulnerability CDN/Proxy/Anonymizer attacks Dynamic IP Directed Attacks – Exploits Scraping and Data Theft Ajax and API attacks Slide 28

You Can’t Defend Against Attacks You Can’t Detect Network DDoS SYN Floods HTTP Floods Slide 29

Thank You