Presentation is loading. Please wait.

Presentation is loading. Please wait.

It’s Not Just You! Your Site Looks Down From Here Santo Hartono, ANZ Country Manager March 2014 Latest Trends in Cyber Security.

Published byDouglas Palmer Modified over 9 years ago

Similar presentations

Presentation on theme: "It’s Not Just You! Your Site Looks Down From Here Santo Hartono, ANZ Country Manager March 2014 Latest Trends in Cyber Security."— Presentation transcript:

1 It’s Not Just You! Your Site Looks Down From Here Santo Hartono, ANZ Country Manager March 2014 Latest Trends in Cyber Security

2 Radware Global Network and Application Security Report

3 Slide 3 Radware’s ERT 2013 Cases Unique visibility into attacks behavior Attacks monitored in real-time on a daily basis More than 300 cases analyzed –Customers identity remains undisclosed

4 The Threat Landscape DDoS is the most common attack method! Attacks last longer Government and Financial Services are the most attacked vectors Multi-vector trend continues Slide 4

5 DDoS Attacks Results Public attention 3.5% Results of one-second delay in Web page loading: decrease in conversion rate 2.1% decrease in shopping cart size 9.4% decrease in page views 8.3% increase in bounce rate Source: Strangeloop Networks, Case Study: The impact of HTML delay on mobile business metrics, November 2011 Slide 5

6 App Misuse DDoS Attack Vectors Large volume network flood attacks Network Scan Syn Floods SSL Floods “Low & Slow” DoS attacks (e.g.Sockstress) HTTP Floods Brute Force Slide 6 Internet Pipe Firewall IPS/IDS ADC Attacked Server SQL Server Connection Floods

7 2013 Attack Tools Trends

8 Attack Vectors Used Slide 8

9 Reflective Amplification Attacks on the Rise Slide 9 Easier to create Based on UDP protocol –Targeted protocols: DNS, NTP, SNMP –UDP connectionless nature enables to spoof the IP Address Key feature in creating reflective attack Obfuscates attacker real identity (IP address) Amplification affect: 8 – 650 times larger than originated message

10 DNS Based Attacks Most frequently used attack vector Amplification affect –Regular DNS replies - a normal reply is 3-4 times larger than the request –Researched replies – can reach up to 10 times the original request –Crafted replies – attacker compromises a DNS server and ensures requests are answered with the maximum DNS reply message (4096 bytes) - amplification factor of up to 100 times Slide 10

11 Nine day volumetric attack First to break the ceiling of 100 Gbps –Attack reached bandwidth of 300 Gbps Target: Anti-spam organization providing Internet service Attacker: CyberBunker and Sven Olaf Kamphuis Internet Service Provider Notable Amplification Attack: Spamhaus Slide 11

12 Harder to Detect: Web Stealth Attacks Slide 12 More than HTTP floods Dynamic IP addresses –High distributed attack –Attacks using Anonymizers / Proxy –Attacks passing CDNs Attacks that are being obfuscated by SSL Attacks with the ability to pass C/R Attacks that use low-traffic volume but saturate servers’ resources

13 Attacks on Login Page are Destructive Cause a DB search Based on SSL No load-balancing yet Attacks on Login Page are Destructive Cause a DB search Based on SSL No load-balancing yet Web Stealth Attacks Slide 13

14 Implications of Login Page Attacks Slide 14

15 Login Page Attacks Over 40% of organizations have experienced Login Page Attack in 2013 Slide 15

16 Behind the Scenes of Notable Attacks: Operation Ababil

17 “Innocence of Muslims” Movie July 12, 2012 “Innocence of Muslims” trailer released on YouTube September 11, 2012 World-wide protest against the movie resulting in the deaths of 50 people September 18, 2012 Operation Ababil begins Slide 17

18 Operation Ababil Background July 12, 2012 “Innocence of Muslims” trailer released on YouTube September 11, 2012 World-wide protest against the movie resulting in the deaths of 50 people Slide 18

19 Operation Ababil The cyber attack is an act to stop the movie First targets Bank of America NYSE First targets Bank of America NYSE Group name is “Izz ad-din Al Qassam cyber fighters” Slide 19

20 Operation Ababil Timeline Slide 20

21 Operation Ababil Target Organizations Financial Service Providers Slide 21

22 Operation Ababil Attack Vectors Slide 22

23 Overcoming HTTP Challenges Slide 23

24 Attackers Shorten Time to Bypass Mitigation Tools “Peace” Period Pre-attack Phase Post-attack Phase Pre-attack Phase Post-attack Phase Slide 24

25 Fighting Cyber Attacks: Best Practices

26 Building the Strategy Slide 26 DON’T assume that you’re not a target BUILD your protection strategy and tactics LEARN from the mistakes of others DON’T assume that you’re not a target BUILD your protection strategy and tactics LEARN from the mistakes of others

27 Adding Tactics Slide 27 Don’t believe the DDoS protection propaganda – Test instead Understand the limitations of cloud-based scrubbing solutions Not all networking and security appliance solutions were created equal Don’t believe the DDoS protection propaganda – Test instead Understand the limitations of cloud-based scrubbing solutions Not all networking and security appliance solutions were created equal

28 You Can’t Defend Against Attacks You Can’t Detect Encrypted Low & Slow Encrypted DoS Vulnerability CDN/Proxy/Anonymizer attacks Dynamic IP Directed Attacks – Exploits Scraping and Data Theft Ajax and API attacks Slide 28

29 You Can’t Defend Against Attacks You Can’t Detect Network DDoS SYN Floods HTTP Floods Slide 29

30 Thank You

Download ppt "It’s Not Just You! Your Site Looks Down From Here Santo Hartono, ANZ Country Manager March 2014 Latest Trends in Cyber Security."

Similar presentations

Palo Alto Networks Jay Flanyak Channel Business Manager

Palo Alto Networks Jay Flanyak Channel Business Manager
TCP for today’s Web. Connections today Web-page > 300KB but objects are small 7.5KB -2.4KB [25] lots of small objects in a page. Implication: TCP Handshake.

TCP for today’s Web. Connections today Web-page > 300KB but objects are small 7.5KB -2.4KB [25] lots of small objects in a page. Implication: TCP Handshake.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Attackers Vs. Defenders: Restoring the Equilibrium Ron Meyran Director of Security Marketing January 2013.

Attackers Vs. Defenders: Restoring the Equilibrium Ron Meyran Director of Security Marketing January 2013.
Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.

Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.
1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2014 Infoblox Inc. All Rights Reserved. Domain Name System (DNS) Network Security Asset or Achilles.

1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2014 Infoblox Inc. All Rights Reserved. Domain Name System (DNS) Network Security Asset or Achilles.
2011 Infrastructure Security Report 7 th Annual Edition CE Latinamerica Carlos A. Ayala

2011 Infrastructure Security Report 7 th Annual Edition CE Latinamerica Carlos A. Ayala
©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Check Point DDoS Protector June 2012.

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Check Point DDoS Protector June 2012.
Frederic Fleurat ffleurat@arbor.net SIT mazagan 2014 Frederic Fleurat ffleurat@arbor.net.

Frederic Fleurat SIT mazagan 2014 Frederic Fleurat
DDoS Attacks: The Latest Threat to Availability. © Sombers Associates, Inc. 2013 2 The Anatomy of a DDoS Attack.

DDoS Attacks: The Latest Threat to Availability. © Sombers Associates, Inc The Anatomy of a DDoS Attack.
Akamai Confidential©2011 Akamai. In the Cloud Security Highlighting the Need for Defense-in-Depth R. H. Powell IV Director, Government Solutions CISSP.

Akamai Confidential©2011 Akamai. In the Cloud Security Highlighting the Need for Defense-in-Depth R. H. Powell IV Director, Government Solutions CISSP.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by.

Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.

SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
1 CCNA 2 v3.1 Module 10. 2 Intermediate TCP/IP CCNA 2 Module 10.

1 CCNA 2 v3.1 Module Intermediate TCP/IP CCNA 2 Module 10.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.

Similar presentations

Ads by Google