NETSCOUT DDoS

The Dark Side of DDoS: DDoS Extortion & Triple Threat
“DDoS will hit you; it is no longer a question of if or when, but how you will be attacked”
Alexander Tomik, Sales Engineer Eastern Europe
Alexander.Tomik@netscout.com
Vaidas Virbukas, Head of Network and Security Solutions Department
vaidas.virbukas@bluebridge.lt
COPYRIGHT © 2021 NETSCOUT SYSTEMS, INC.
Threat Intelligence Report
Findings from 2nd Half 2021
NS-SEC-EXT-003-2201
What is DDoS?
What is a Distributed Denial of Service (DDoS) attack?
• An attempt to consume finite resources, exploit weaknesses in software design or implementation, or exploit lack of infrastructure capacity
• Targets the availability of computing and network resources
• DDoS attacks are attacks against capacity and/or state
DDoS Attack Vectors:
At a Glance…
9.7 million DDoS attacks hit the world in 2021 — and at what price?
EMEA - Extortion attacks
Key Findings
• The Triple Threat
• The Rise of Server-Class Botnet Armies
• Flood of Attacks
• DDoS-For-Hire Free-for-All
• DDoS As a Homing Missile
• The Intersection of Encryption, State, and DDoS Defense
DDoS Extortion and Triple Threat
7-figure losses reported!
• Lazarus Bear Armada (LBA) targeted many industries and organizations’ VPNs to disrupt remote work
• Fancy Lazarus maintained their attacks against ISPs’ authoritative DNS servers, to suboptimal effect
• An REvil copycat bombarded SIP/RTP VoIP providers to devastating effect
• One VoIP operator cited between $9 and $12 million in losses
Ransomware Gangs: Triple Extortion Tactics
(Timeline figure of ransomware gangs adding DDoS to their extortion: Suncrypt (October 2020), Avaddon (January 2021), REvil, AvosLocker, BlackCat (November 2021))
Botnet Army Adds New Weapons: Rise of Server-Class Botnets
• Meris – Compromised MikroTik routers used to launch application-layer attacks with high requests-per-second (RPS).
• Dvinis – Secondary botnet using compromised MikroTik routers to similarly launch very high RPS attacks.
• GitMirai – Leveraging a GitLab vulnerability, Mirai enslaved Git servers to participate in a very high-powered server-class botnet.
The Dark Side of DDoS-for-Hire
1. AnonBot
2. Booter
3. Booter SX
4. CryptoStressor
5. CyberVM
6. DDoS Service
7. Downed
8. FlyStress
9. Instant Stresser
10. IPStresser
11. NetworkStress
12. Project Delta
13. Str3ssed
14. Stresser.gg
15. Stresser.us
16. SunStresser
17. Toxicity
18. WebStresser
19. ZDStresser
Periodic Table of DDoS Attack Vectors
https://www.netscout.com/threatreport/ddos-attack-vectors
NETSCOUT DDoS Protection
Arbor Edge Defense - On-Premise
Latest DDoS Attack Trends - Complexity
Fact: 83% of the time, the firewall fails during a DDoS attack…
(Diagram labels: BotNet, The Internet, Your ISP, Firewall, Application Server, Your Data Center)
Volumetric Attacks (42%)
• Large (up to 1.7 Tbps)
• Saturates links
• 91% of WISR enterprises experienced saturation
TCP State-Exhaustion Attacks (31%)
• Crashes stateful devices (load balancers, firewalls, IPSs)
• 2x increase (up from 16% prior year)
• 54% have experienced failure
Application Layer Attacks (27%)
• Low and slow, stealth attacks
• Crashes application servers
Source: Arbor Networks 14th Annual Worldwide Infrastructure Security Report
Arbor Edge Defense (AED)
The First and Last Line of Smart, Automated Edge Defense
(Diagram: at the Network Edge, AED sits in front of the NGFW and the rest of the security stack, fed by your threat intel.)
FIRST LINE OF DEFENSE
• Inbound DDoS attacks, not just volumetric
• Probing/recon/brute force attacks
LAST LINE OF DEFENSE
• Block outbound communication from compromised internal hosts (all potentially missed by the existing security stack)
Introducing Arbor Edge Defense
Enterprise Perimeter Protection: first and last line of smart, automated, stateless perimeter defense. Provides stateless protection from state-exhaustion and application-layer DDoS, gives visibility and control over your whole Internet connectivity, and leverages ATLAS intelligence for advanced cyber threat protection.
(Diagram: Internet → Arbor Edge Defense (AED) → VPN/Firewall and LB/IPS/WAF security stack → DMZ/Servers, customer-facing applications and corporate resources at the Enterprise Edge)
Arbor Edge Defense
• Packet visibility at the edge
– Inline and transparent to the network
– Real-time monitoring / detection / protection
• Tuned for business infrastructure
– Insider knowledge of customer-facing and corporate infrastructure
• Protects availability of all enterprise services from sophisticated DDoS attacks
• Key point of perimeter control
Outbound Detection and Containment of IoC
(Diagram: Internal Network / Data Center → AED → Internet; AED blocks outbound threat communication)
• Threat intelligence from NETSCOUT’s ATLAS or 3rd parties (STIX, TAXII)
• Integration with Splunk, Syslog, SIEM, API
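Added example (not NETSCOUT code, and not how AED implements this): a SIEM-side script that applies simple STIX 2.1 indicator patterns, as a TAXII feed would deliver them, to outbound firewall and DNS syslog lines to flag internal hosts talking to known-bad destinations. Indicator values, ids and log lines are constructed; the pattern parser handles only single ipv4-addr and domain-name comparisons.

```python
import re

# Constructed STIX 2.1 indicator objects (sample values, not real indicators).
STIX_INDICATORS = [
    {"type": "indicator", "id": "indicator--0001", "name": "sample C2 host",
     "pattern": "[ipv4-addr:value = '203.0.113.45']"},
    {"type": "indicator", "id": "indicator--0002", "name": "sample malicious domain",
     "pattern": "[domain-name:value = 'malware.example']"},
    {"type": "indicator", "id": "indicator--0003", "name": "sample hash, not handled",
     "pattern": "[file:hashes.'SHA-256' = '<placeholder-sha256>']"},
]

# Constructed firewall/DNS syslog lines for outbound traffic from internal hosts.
SYSLOG_LINES = [
    "2021-11-02T10:15:01Z fw01 OUT src=10.0.5.12 dst=203.0.113.45 dport=443 proto=tcp",
    "2021-11-02T10:15:03Z fw01 OUT src=10.0.5.19 dst=198.51.100.7 dport=80 proto=tcp",
    "2021-11-02T10:15:07Z dns01 QUERY src=10.0.5.12 qname=malware.example qtype=A",
    "2021-11-02T10:15:09Z dns01 QUERY src=10.0.5.30 qname=www.example.org qtype=A",
]

# Only single-comparison patterns on IPv4 addresses or domain names are parsed.
_PATTERN_RE = re.compile(r"\[(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\]")
# Pull the internal source and either the destination IP or the queried name.
_LOG_RE = re.compile(r"src=(?P<src>\S+).*?(?:dst=(?P<dst>\S+)|qname=(?P<qname>\S+))")


def load_indicators(objects):
    """Map each indicator's observable value (lower-cased) to its STIX id.
    Patterns this parser does not understand (hashes, AND/OR) are skipped."""
    table = {}
    for obj in objects:
        m = _PATTERN_RE.fullmatch(obj["pattern"].strip())
        if m:
            table[m.group(2).lower()] = obj["id"]
    return table


def match_outbound(lines, table):
    """Return (internal host, observed value, indicator id) for every log line
    whose destination IP or queried domain appears in the indicator table."""
    hits = []
    for line in lines:
        m = _LOG_RE.search(line)
        if not m:
            continue
        value = (m.group("dst") or m.group("qname") or "").lower()
        if value in table:
            hits.append((m.group("src"), value, table[value]))
    return hits
```

Each hit names the internal host to contain and the indicator that fired, which is what an outbound-blocking rule or SIEM alert would be keyed on.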
Multi-Layered DDoS Protection
(Diagram: Botnet → The Internet → Operator Network → On-Premise AED, with Cloud Signaling to Arbor Cloud; numbered components 1–4 below)
1. Arbor Edge Defense (AED)
▪ For data centers and customer premises.
▪ Always on, protection from inbound and outbound threats (i.e. DDoS attacks and IoCs).
▪ Automatically detect and stop inbound and outbound DDoS attacks. Excels at application-layer and TCP state-exhaustion attacks.
▪ Cloud Signaling for large attacks.
2. Cloud Signaling
▪ Cloud Signal to automatically route large DDoS attack traffic to Arbor Cloud for mitigation.
3. Arbor Cloud®
▪ An ISP-agnostic, managed DDoS protection service.
▪ Stop large DDoS attacks in Arbor Cloud.
▪ Global scrubbing centers (14 scrubbing centers, 13 Tbps of mitigation capacity).
4. Arbor ATLAS/ASERT/ATAC
▪ Global visibility and threat intelligence.
▪ ATLAS Intelligence Feed (AIF) arms products with the latest, global, actionable threat intelligence.
▪ ATAC managed services.
Arbor Cloud DDoS Protection Services
Arbor Cloud DDoS Mitigation Service
• Dedicated DDoS protection platform
• 14 datacenters worldwide: Stockholm, London, Amsterdam, Frankfurt, Marseille, New York, Ashburn, Dallas, San Jose, Los Angeles, Sao Paulo, Tokyo, Singapore, Sydney
• BGP and DNS traffic diversion
• 24x7 SOC
Total Capacity: 13 Tbps
ATLAS, ASERT, SOC
*Active Threat Level Analysis System
Statistics:
• Feedback loop from our customers
• 400 active SP contributors
• ASNs: 44,570
• Unique IPv4 addresses: 2.63B
• “Dark” IPv4 addresses: 1.76M
• ATLAS “sees” 1/3 of all Internet traffic, or around 140 Tbps
• ASERT - Arbor Security & Engineering Response Team
The Foundation of Global Threat Visibility
Arbor Networks ATLAS®, from Arbor Networks, the security division of NETSCOUT, is the world’s first and largest globally scoped threat analysis network. Launched in 2007 in partnership with a group of Arbor service provider customers, ATLAS delivers smart data to provide unparalleled visibility into the backbone networks that form the Internet’s core. This data is generated by the participation of more than 330 customers who have agreed to share anonymous traffic data, based on 140 Tbps or approximately one-third of all Internet traffic. Customers use this smart data to make timely and informed decisions about their network security, as well as service creation, market analysis, capacity planning, and application trends.
NETSCOUT Arbor: Industry Leading DDoS Protection
Industry leader in DDoS attack protection products and services.
• 20 – Number of years Arbor has been delivering innovative security and network visibility technologies & products
• 1/3 – Amount of Internet traffic monitored by the ATLAS project
https://horizon.netscout.com
Arbor Networks has been part of NETSCOUT since 2015.
Thank You!