tierpoint webinar: multi-vector ddos attacks: detection and mitigation_jan2016

Multi-vector DDOS Attacks: Detection and Mitigation

Paul Mazzucco, Chief Security Officer, January 2016


Key Reasons for Cyber Attacks

Source: Hackmageddon

4 months later … December 2014

DoS/DDoS Attacks New Cyber Weapon of Choice

Cyber Attack Sophistication Is Increasing

• Lower bandwidth attacks occur more frequently, last longer, evade detection
  - Overwhelm servers, take down site
• Multi-vector campaigns
  - Booter services
  - Dark DDoS attacks (smokescreens)
  - Distract victims, other attacks infiltrate corporate networks
  - DDoS-as-a-Service business model
  - Botnets for hire, $6/month


Source: Akamai, Imperva

The Industry Hit List

Drivers: the rise of the Internet of Things, web vulnerabilities and botnet building

Choice Targets

• Competitive industries, e.g. gaming
• SaaS platforms, e.g. healthcare data
• Multi-tenant platforms: attacks on one tenant impact all other tenants

Source: Akamai

20% of DDoS attacks last over 5 days

The longest attack in 2015 lasted 64 days

Lightning Often Strikes More Than Twice

50% of North American and European companies have been attacked

• 83% of companies attacked repeatedly
  - Star Trek Online (STO) – 3 times, Sept ‘15
  - Neverwinter Online – 3 times, Sept ‘15
• 54% attacked 6+ times annually
  - Rutgers Univ – 6 times in 2015
• 25% experienced theft of data or funds
  - U.S. FTC has reached settlements with 50+ companies over poor data security practices

Source: Akamai

Losses greater than 30,000 records

Source: Neustar and The Ponemon Institute

Where Are the Attacks Taking Place?

The 7 Layers of the OSI Model

Session attacks typically defeat conventional firewalls

Source: Akamai

Infrastructure-layer DDoS attacks outnumber application-layer attacks 9-to-1

Source: Akamai

• 88% of application-based attacks came over HTTP
• 15% of organizations reported attacks targeting Web application login pages on a daily basis
• UDP fragments becoming the largest portion of network layer attack traffic

Source: Akamai


Significant Attack Vectors Have Emerged

The Simple Service Discovery Protocol (SSDP) – Top Infrastructure-based Attack Vector

SSDP comes pre-enabled on millions of devices – routers, media servers, web cams, smart TVs, printers, automobiles

Allows devices to discover each other on a network, establish communication, coordinate activities

Attackers are armed with a list of vulnerable devices; use them as reflectors to amplify a DDoS attack

SSDP accounted for more than 20% of attack vectors in 2015

Attackers Quickly Strike Back

Attackers are continually developing new attack vectors that defeat mitigation tools

They respond in days / hours after mitigation tools are deployed

Meaning businesses face two chief challenges:
• The increasing complexity of security, i.e. multi-pronged nature of the attacks
• Speed at which attackers adapt to new mitigation tools

Compromise Takes Minutes, Discovery Takes Longer

Source: Radware

The cost of DDoS attacks

• Average $40K per hour

• 32% of companies would lose over $100K revenue per hour of attack

• 11% of US companies would lose $1 Million+ revenue per hour of attack

Source: Neustar

1 in 5 companies were told of attacks by customers, partners, other 3rd parties

Required Detection: Encrypted/Non-Volumetric Attacks

• Envelope Attacks – Device Overload
• Directed Attacks – Exploits
• Intrusions – Mis-Configurations
• Localized Volume Attacks
• Low & Slow Attacks
• SSL Floods

Required Detection: Application Attacks

• Web Attacks
• Application Misuse
• Connection Floods
• Brute Force
• Directory Traversals
• Injections
• Scraping & API Misuse

Required Detection: Volumetric Attacks

• Network DDoS
• SYN Floods
• HTTP Floods
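A defender-side detector for two of the vectors named on these slides, SSDP reflection (the "Significant Attack Vectors" slide) and SYN floods (the volumetric list above), written as an added example that is not part of the webinar or TierPoint's tooling. It runs over constructed flow records using RFC 5737 documentation addresses; the `Flow` record layout and every threshold are illustrative assumptions, not values from the deck.

```python
from collections import defaultdict, namedtuple

# One record per unidirectional flow, as a NetFlow/IPFIX exporter would summarise it.
Flow = namedtuple("Flow", "src sport dst dport proto packets nbytes flags", defaults=("",))

# Constructed sample flows (not data from the webinar); RFC 5737 documentation addresses.
SAMPLE_FLOWS = (
    # 40 devices replying from UDP/1900 toward one host that never queried them: SSDP reflection.
    [Flow(f"198.51.100.{i}", 1900, "203.0.113.10", 43210, "udp", 30, 30 * 1200)
     for i in range(1, 41)]
    # 40 sources sending SYN-only, payload-less segments at one port: SYN flood.
    + [Flow(f"192.0.2.{i}", 40000 + i, "203.0.113.20", 443, "tcp", 200, 200 * 60, "S")
       for i in range(1, 41)]
    # Legitimate traffic that must not be flagged: a completed handshake, a single SSDP reply.
    + [Flow("192.0.2.200", 51000, "203.0.113.20", 443, "tcp", 40, 52000, "SA"),
       Flow("198.51.100.200", 1900, "203.0.113.30", 50000, "udp", 2, 600)]
)

def _aggregate(flows, match, key):
    """Group the flows that satisfy match() by key(): distinct sources, packet and byte totals."""
    groups = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for f in flows:
        if match(f):
            g = groups[key(f)]
            g["sources"].add(f.src)
            g["packets"] += f.packets
            g["bytes"] += f.nbytes
    return groups

def detect_ssdp_reflection(flows, min_reflectors=20, min_avg_bytes=300):
    """SSDP replies (UDP *from* port 1900) sent by many distinct devices, with large
    packets, all converging on one host: the reflection/amplification signature."""
    groups = _aggregate(flows, lambda f: f.proto == "udp" and f.sport == 1900, lambda f: f.dst)
    return {dst: {"reflectors": len(g["sources"]), "avg_bytes": g["bytes"] // g["packets"]}
            for dst, g in groups.items() if g["packets"]
            and len(g["sources"]) >= min_reflectors and g["bytes"] / g["packets"] >= min_avg_bytes}

def detect_syn_flood(flows, min_sources=20, max_avg_bytes=80):
    """Payload-less SYN-only segments from many sources at one (host, port):
    handshakes that are started and never completed."""
    groups = _aggregate(flows, lambda f: f.proto == "tcp" and f.flags == "S",
                        lambda f: (f.dst, f.dport))
    return {t: {"sources": len(g["sources"]), "syn_packets": g["packets"]}
            for t, g in groups.items() if g["packets"]
            and len(g["sources"]) >= min_sources and g["bytes"] / g["packets"] <= max_avg_bytes}

def multi_vector_report(flows):
    """Run every detector; a campaign that trips more than one of them is multi-vector."""
    return {"ssdp_reflection": detect_ssdp_reflection(flows), "syn_flood": detect_syn_flood(flows)}
```

The same aggregation shape (many sources, one destination, payload size that does not fit the protocol's normal exchange) extends to the other reflection vectors the deck mentions, such as UDP fragments, by changing the match predicate.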

Fight Back – Advice #1

Don’t assume your company is not a target

Bake DDoS mitigation into your business resiliency planning

Understand that no two DDoS attacks are exactly alike

Ensure buy-in from ALL C-suite executives

Fight Back – Advice #2

Protecting your data is not the same as protecting your business

Also review your current investments in system integrity and operational availability

Then gauge the increase required to ensure appropriate protection

Fight Back – Advice #3

You can’t defend against attacks you can’t detect

Understand your vulnerabilities in today’s distributed environments

Fight Back – Advice #4

Evaluate DDoS protection solutions

Consider a hybrid approach of layered DDoS defenses: always on, on-premise hardware blocking plus cloud-based traffic scrubbing

Fight Back – Advice #5

Know your limitations

Enlist specialists that have the expertise to help you fight and win

> Submit your question via webinar chat box

> Email the Event Moderator post-event

– If we can’t get to your question on the call, we’ll respond promptly via email: [email protected]

Webinars On Demand…

> Visit our website to view any of our previous webinars on demand (Resources > Library > Webinars):

– Cloud Security Myths

– When Virtualization Meets Infrastructure: A Business Transformation Story

– BYOD: Is This Exploding Trend a Security Time-Bomb?

– How to Investigate Your Cloud Provider’s Security Capabilities

– How to Position Cloud ROI

– Mitigate Risk with Hybrid DR in the Cloud

– 7 Smart Metrics to Calculate Cloud ROI

– Cloud, Colo or Hybrid - Top 4 Considerations