Akamai Confidential ©2011 Akamai

In the Cloud Security
Highlighting the Need for Defense-in-Depth

R. H. Powell IV
Director, Government Solutions
CISSP
Rpowell@Akamai.com
W: 703.621.4029 M: 703.867.5899

Headlines You May Have Seen

Headlines You DID NOT See
- Independence Day Attacks Paralyze the U.S.
- Financial & Government Websites Attacked and Taken Down: Stocks Show Concerns
- President Delays Trip Due to Cyber Attacks

The Threat is Real
- DDoS is the #1 Preferred Method of Attack (TrustWave 2011)
- 74% of surveyed companies experienced one or more DDoS attacks in the past year, 31% of these attacks resulting in service disruption – Forrester Research
- LulzSec, Anonymous declare war on government websites: Hacker groups call for stealing, leaking classified information

Akamai Attack Trends in 2011
- Total DDoS attack volume against Akamai customers is growing 100% 2010 – 2011
- Average attack sizes are in the 3-10 Gbps range
- Attacks are originating from all geographies and are moving between geographies during the attack

[Chart: Akamai DDoS Attack Trend Data, 2009 to 2011. 2011 volume is projected based on actuals through September.]

The Akamai network saw more DDoS attacks in the fourth quarter of 2010 than in the first three quarters of the year combined – Tom Leighton, Chief Scientist, Akamai Technologies

Why?
- Extortion / Theft
- State Sponsored
- Political Hacktivism
- Traditional Hackers: Glory Hounds

July 4th DDoS Attack Timeline
- Distributed, Agile and Multi-Phased Attack
- Protected Akamai Customers from Effects
- Absorbed: 1M+ Hps; 200+ Gbps; 300k+ Attack IPs
- Denied the Attacker - Effects on Targets
- Maintained Customer Brand Integrity
- Provided Near Real-Time SA & Alerting
- Provided Analysis to US Cyber Officials

Akamai Provides Customers the Ability to “Fight Through” the Attack!

“The first list had only five targets — all U.S. government sites. A second list used by the malware on July 6 had 21 targets, all U.S. government and commercial sector sites, including e-commerce and media sites. A list on the 7th switched out some of the U.S. sites for ones in South Korea.” … Joe Stewart, director of malware research at SecureWorks

“While Treasury Department and Federal Trade Commission Web sites were shut down by the software attack, which lasted for days over the holiday weekend, others such as the Pentagon and the White House were able to fend it off with little disruption” -- New York Times

All Targeted Applications on the Akamai Platform Remained Available.
All Targeted Applications not on the Akamai Platform were Rendered Unavailable.

Oct 5, 2011: Vulnerability Scanning Shut Down
- Scanning triggers alerts
- Offending requests are identified and denied <4hrs

Holiday Season 2010 – DDoS Attacks
- Attacked eCommerce Web Sites Protected by Akamai
- Averted $15M in Lost Revenue

[Chart: Customer 1, Customer 2, Customer 3: PROTECTED]

Customer       Times Above Normal Traffic    Peak Attack Time (GMT)
Customer #1    9,095x                        11/30 2PM
Customer #2    5,803x                        12/1 2PM
Customer #3    3,115x                        11/30 2PM
Customer #4    2,874x                        12/1 1PM
Customer #5    1,807x                        12/1 1PM

Highly distributed international DDoS attacks from AsiaPac, South America and Middle East

Customer Telemetry – Q2 2011 During LOIC Attacks
- Average response time during attack: 0.87 seconds.
- Availability during the LOIC attack: 100%

Bitcoin

Let’s hold somebody ransom (the actual ransom note)

Your site www.#####.de will be subjected to DDoS attacks 100 Gbit/s. Pay 100 btc(bitcoin) on the account 1ACFJHoB8Z3KDwDn6XdNTEJb6S7VsQiLZG Do not reply to this email

BitCoin – The attack

Akamai’s response

FBI Attack Warning
The Tip -> The Response -> The Result ->