It’s Not Just You! Your Site Looks Down From Here
Santo Hartono, ANZ Country Manager
March 2014
Latest Trends in Cyber Security

Radware Global Network and Application Security Report

Radware’s ERT 2013 Cases
• Unique visibility into attack behavior
• Attacks monitored in real time on a daily basis
• More than 300 cases analyzed
– Customers’ identities remain undisclosed

The Threat Landscape
• DDoS is the most common attack method!
• Attacks last longer
• Government and Financial Services are the most attacked sectors
• Multi-vector trend continues

DDoS Attacks Results
Public attention
Results of one-second delay in Web page loading:
• 3.5% decrease in conversion rate
• 2.1% decrease in shopping cart size
• 9.4% decrease in page views
• 8.3% increase in bounce rate
Source: Strangeloop Networks, Case Study: The impact of HTML delay on mobile business metrics, November 2011

DDoS Attack Vectors
[Diagram: network path Internet Pipe, Firewall, IPS/IDS, ADC, Attacked Server, SQL Server, labelled with the attack types below]
• Large volume network flood attacks
• Network Scan
• SYN Floods
• Connection Floods
• SSL Floods
• “Low & Slow” DoS attacks (e.g. Sockstress)
• HTTP Floods
• App Misuse
• Brute Force

2013 Attack Tools Trends

Attack Vectors Used

Reflective Amplification Attacks on the Rise
• Easier to create
• Based on UDP protocol
– Targeted protocols: DNS, NTP, SNMP
– UDP’s connectionless nature makes it possible to spoof the IP address
• Key feature in creating a reflective attack
• Obfuscates the attacker’s real identity (IP address)
• Amplification effect: 8 – 650 times larger than the original message

DNS Based Attacks
• Most frequently used attack vector
• Amplification effect
– Regular DNS replies - a normal reply is 3-4 times larger than the request
– Researched replies – can reach up to 10 times the original request
– Crafted replies – attacker compromises a DNS server and ensures requests are answered with the maximum DNS reply message (4096 bytes) - amplification factor of up to 100 times
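
As an added example (not part of the Radware deck), this Python code looks at the reflection and DNS amplification slides from the receiving side: it computes an amplification factor and flags inbound UDP replies from DNS, NTP or SNMP source ports that no local request asked for. The flow-record layout, the 64-byte request size, the byte threshold and all addresses (RFC 5737 documentation ranges) are constructed assumptions.

```python
from collections import defaultdict

# UDP services the slides name as reflection targets (source port of a reply).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP"}

def amplification_factor(request_bytes, response_bytes):
    """Ratio of reply size to request size, the figure quoted on the slides."""
    return response_bytes / request_bytes

def unsolicited_reflection(flows, local_ip, min_bytes=10_000):
    """Flag inbound replies from reflector ports that no local query asked for.

    flows: list of (src_ip, src_port, dst_ip, dst_port, bytes) UDP records
    (an assumed layout). Returns {service: {"bytes": n, "reflectors": n}}
    for services whose unsolicited volume reaches min_bytes.
    """
    flows = list(flows)
    # Queries this host really sent: (server_ip, server_port, our_port).
    asked = {(dst, dport, sport) for src, sport, dst, dport, _ in flows
             if src == local_ip and dport in REFLECTOR_PORTS}
    totals = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for src, sport, dst, dport, size in flows:
        if dst != local_ip or sport not in REFLECTOR_PORTS:
            continue
        if (src, sport, dport) in asked:
            continue  # answer to our own query, not reflected traffic
        entry = totals[REFLECTOR_PORTS[sport]]
        entry["bytes"] += size
        entry["reflectors"].add(src)
    return {svc: {"bytes": e["bytes"], "reflectors": len(e["reflectors"])}
            for svc, e in totals.items() if e["bytes"] >= min_bytes}

# Constructed sample: one legitimate lookup, one stray NTP packet, and five
# resolvers sending maximum-size (4096-byte) DNS replies nobody requested.
VICTIM = "203.0.113.10"
SAMPLE_FLOWS = [
    (VICTIM, 40000, "198.51.100.53", 53, 64),
    ("198.51.100.53", 53, VICTIM, 40000, 220),
    ("198.51.100.7", 123, VICTIM, 123, 468),
] + [(f"192.0.2.{i}", 53, VICTIM, 50000 + i, 4096) for i in range(1, 6)]

if __name__ == "__main__":
    print(amplification_factor(64, 4096))
    print(unsolicited_reflection(SAMPLE_FLOWS, VICTIM))
```

Matching replies to outstanding queries is what separates reflected traffic from a host's own lookups; a source-port filter alone would also flag the legitimate reply in the sample.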

Notable Amplification Attack: Spamhaus
• Nine day volumetric attack
• First to break the ceiling of 100 Gbps
– Attack reached bandwidth of 300 Gbps
• Target: Anti-spam organization providing Internet service
• Attacker: CyberBunker and Sven Olaf Kamphuis
Internet Service Provider

Harder to Detect: Web Stealth Attacks
• More than HTTP floods
• Dynamic IP addresses
– Highly distributed attacks
– Attacks using Anonymizers / Proxy
– Attacks passing CDNs
• Attacks that are being obfuscated by SSL
• Attacks with the ability to pass C/R
• Attacks that use low-traffic volume but saturate servers’ resources

Web Stealth Attacks
Attacks on Login Page are Destructive
• Cause a DB search
• Based on SSL
• No load-balancing yet

Implications of Login Page Attacks

Login Page Attacks
Over 40% of organizations experienced a Login Page Attack in 2013

Behind the Scenes of Notable Attacks: Operation Ababil

“Innocence of Muslims” Movie
July 12, 2012: “Innocence of Muslims” trailer released on YouTube
September 11, 2012: World-wide protest against the movie resulting in the deaths of 50 people
September 18, 2012: Operation Ababil begins

Operation Ababil Background
July 12, 2012: “Innocence of Muslims” trailer released on YouTube
September 11, 2012: World-wide protest against the movie resulting in the deaths of 50 people

Operation Ababil
The cyber attack is an act to stop the movie
First targets
• Bank of America
• NYSE
Group name is “Izz ad-din Al Qassam cyber fighters”

Operation Ababil Timeline

Operation Ababil Target Organizations
Financial Service Providers

Operation Ababil Attack Vectors

Overcoming HTTP Challenges

| Script | 302 Redirect Challenge | JS Challenge | Special Challenge |
|---|---|---|---|
| Kamikaze | Pass | Not pass | Not pass |
| Kamina | Pass | Not pass | Not pass |
| Terminator | Pass | Pass | Not pass |
| Kill’emAll | Pass | Pass | Not pass |

Attackers Shorten Time to Bypass Mitigation Tools
[Figure labels: “Peace” Period, Pre-attack Phase, Post-attack Phase]

Fighting Cyber Attacks: Best Practices

Building the Strategy
• DON’T assume that you’re not a target
• BUILD your protection strategy and tactics
• LEARN from the mistakes of others

Adding Tactics
• Don’t believe the DDoS protection propaganda – Test instead
• Understand the limitations of cloud-based scrubbing solutions
• Not all networking and security appliance solutions were created equal

You Can’t Defend Against Attacks You Can’t Detect
• Encrypted Low & Slow
• Encrypted DoS Vulnerability
• CDN/Proxy/Anonymizer attacks
• Dynamic IP
• Directed Attacks – Exploits
• Scraping and Data Theft
• Ajax and API attacks
[Diagram layers: Application, Server, Front End, Data Center, Perimeter]

You Can’t Defend Against Attacks You Can’t Detect
• Network DDoS
• SYN Floods
• HTTP Floods
[Diagram layers: Application, Server, Front End, Data Center, Perimeter, Cloud Scrubbing]

Thank You