During LOIC Attacks

Akamai Confidential
©2011 Akamai
In the Cloud Security
Highlighting the Need for Defense-in-Depth
R. H. Powell IV
Director, Government Solutions
CISSP
Rpowell@Akamai.com
W: 703.621.4029
M: 703.867.5899
Headlines You May Have Seen
Headlines You DID NOT See
- Independence Day Attacks Paralyze the U.S.
- Financial & Government Websites Attacked and Taken Down: Stocks Show Concerns
- President Delays Trip Due to Cyber Attacks
The Threat is Real
DDoS is the #1 Preferred Method of Attack (TrustWave 2011)
74% of surveyed companies experienced one or more DDoS attacks in the past year, 31% of these attacks resulting in service disruption – Forrester Research
LulzSec, Anonymous declare war on government websites
Hacker groups call for stealing, leaking classified information
Akamai Attack Trends in 2011
- Total DDoS attack volume against Akamai customers is growing 100% 2010 – 2011
- Average attack sizes are in the 3-10 Gbps range
- Attacks are originating from all geographies and are moving between geographies during the attack
- 2011 volume is projected based on actuals through September
[Chart: Akamai DDoS Attack Trend Data, 2009 to 2011]
The Akamai network saw more DDoS attacks in the fourth quarter of 2010 than in the first three quarters of the year combined
– Tom Leighton, Chief Scientist, Akamai Technologies
Why?
Extortion / Theft
State Sponsored
Political Hacktivism
Traditional Hackers: Glory Hounds
July 4th DDoS Attack Timeline
Distributed, Agile and Multi-Phased Attack
Protected Akamai Customers from Effects
Absorbed: 1M+ Hps; 200+ Gbps; 300k+ Attack IPs
Denied the Attacker - Effects on Targets
Maintained Customer Brand Integrity
Provided Near Real-Time SA & Alerting
Provided Analysis to US Cyber Officials
Akamai Provides Customers the Ability to “Fight Through” the Attack!
“The first list had only five targets — all U.S. government sites. A second list used by the malware on July 6 had 21 targets, all U.S. government and commercial sector sites, including e-commerce and media sites. A list on the 7th switched out some of the U.S. sites for ones in South Korea.”
… Joe Stewart, director of malware research at SecureWorks
“While Treasury Department and Federal Trade Commission Web sites were shut down by the software attack, which lasted for days over the holiday weekend, others such as the Pentagon and the White House were able to fend it off with little disruption”
-- New York Times
All Targeted Applications on the Akamai Platform Remained Available.
All Targeted Applications not on the Akamai Platform were Rendered Unavailable.
Oct 5, 2011: Vulnerability Scanning Shut Down
- Scanning triggers alerts
- Offending requests are identified and denied <4hrs
Holiday Season 2010 – DDoS Attacks
Attacked eCommerce Web Sites Protected by Akamai
Averted $15M in Lost Revenue
[Chart legend: Customer 1, Customer 2, Customer 3]
PROTECTED
Customer      Times Above Normal Traffic   Peak Attack Time (GMT)
Customer #1   9,095x                       11/30 2PM
Customer #2   5,803x                       12/1 2PM
Customer #3   3,115x                       11/30 2PM
Customer #4   2,874x                       12/1 1PM
Customer #5   1,807x                       12/1 1PM
Highly distributed international DDoS attacks from AsiaPac, South America and Middle East
Customer Telemetry – Q2 2011
During LOIC Attacks
Average response time during attack: 0.87 seconds.
Availability during the LOIC attack: 100%
Bitcoin
Let’s hold somebody ransom (the actual ransom note)
Your site www.#####.de will be subjected to DDoS attacks 100 Gbit/s.
Pay 100 btc(bitcoin) on the account 1ACFJHoB8Z3KDwDn6XdNTEJb6S7VsQiLZG
Do not reply to this email
BitCoin – The attack
Akamai’s response
FBI Attack Warning
The Tip ->
The Response ->
The Result ->