Are you Ready for the Next Generation of DDoS Attacks?





At E-Crime Congress in Frankfurt, Germany, Radware Security Evangelist Werner Thalmeier shared his evaluation of the present DDoS landscape and offered predictions on what's to come.
Click through to learn more about cyberattack motivations, the trends and targets, what downtime really costs, and how you can start to prepare your organization. For even more information on Radware security, please visit:




Presentation Transcript

  • Are you ready for the next generation of DDoS Attacks? Werner Thalmeier January 2014
  • Agenda
    - Introducing Radware
    - What has changed in the DDoS landscape: motivation, impact and damages
    - DDoS attack tools and trends
    - What kind of technology is required to protect organizations against the next generation of DDoS attacks
  • About Radware: global presence, over 10,000 customers; a framework for application delivery and cyber security (virtual data center, cloud solutions, mobile solutions, SDN and NFV, infrastructure and data center protection); recognized ADC market leader (ADC Magic Quadrant); strong business model, operating margin and cash generation
  • Are you ready? "In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users." (Wikipedia)
  • Notable DDoS Attacks (timeline slide)
  • Recent DDoS Attacks (chart slide)
  • Motivation behind DDoS
    - Take a company out of business
    - Create awareness and/or damage its reputation
    - Use it as cover to steal money or IP
  • DDoS Ring of Fire (Source: Radware Global Application and Network Report 2013, published Jan. 27, 2014)
  • How likely is it that your organization will be attacked?
    Over half of organizations believe they are likely to be attacked by cyber warfare.
    Industry Security Survey, "How likely is it that your organization will be attacked by cyber warfare?": Unlikely 45%, Possible 37%, Likely 10%, Very likely 8%.
    65% of organizations had an average of 3 DDoS attacks in the past 12 months.
    54 minutes: average downtime during one DDoS attack.
  • How well are you prepared?
    81% of organizations feel inadequately prepared to protect themselves against cyber warfare.
    Industry Security Survey, "How well do you think you will survive a cyber warfare?": Very easily fight them 2%, Well protected 17%, There will be some impact 50%, No chance, significant impact 31%.
  • Root causes of unplanned data center outages (chart; Ponemon Research, 2013 Cost of Data Center Outages)
  • Cost of a data center outage: total cost by primary root cause of unplanned outages, in thousands of dollars (chart; Ponemon Research, 2013 Cost of Data Center Outages)
  • Hacktivism moves to campaign-oriented (APT-style) operations
    - Complex: more than seven different attack vectors at once
    - Blending: both network and application attacks
    - Targeteering: select the most appropriate target and attack tools
    - Resourcing: advertise, invite, coerce anyone capable
    - Testing: perform a short "proof-firing" prior to the attack
    - Timeline: establish the most painful time period for the victim
  • Attack vectors: increasing complexity. More than 50% of 2013 DDoS attacks had more than 5 attack vectors. (Source: Radware Global Application and Network Report 2013, published Jan. 27, 2014)
  • The challenge: hacktivism becomes persistent (campaigns plotted by sophistication over time)
    - Religious website: duration 20 days, more than 7 attack vectors, "inner circle" involvement
    - Stock exchange: duration 3 days, 5 attack vectors, "inner circle" involvement
    - Payment industry: duration 3 days, 4 attack vectors
    - Government sites: duration 6 days, 5 attack vectors, "inner circle" involvement
  • 2012-2013 trend: diversity of attacks (Source: Radware Global Application and Network Report 2013, published Jan. 27, 2014)
  • DDoS infrastructure changes
  • The Anonymous arms race (attack tools by category)
    - Network floods: UDP floods, SYN floods, fragmented floods, FIN + ACK floods
    - Application floods: dynamic HTTP floods, HTTPS floods
    - Low & slow: RUDY, Slowloris, Pyloris, xerex
    - Vulnerability-based: intrusion attempts, SQL injection, #refref
  • Attack tool trends: R.U.D.Y. highlights
    - Exploits a design weakness that became public in November 2010
    - A slow-rate attack tool that can cause DoS with a relatively low amount of generated traffic
    - Instead of sending the entire HTTP POST request at once, it sends one byte every 10 seconds, keeping the connection open indefinitely
    - It does this in parallel, again and again, over numerous connections until the server's resources are exhausted
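The R.U.D.Y. slide above describes the attack but not the counter-measure a practitioner reaches for first: a request-body timeout that is extended by a minimum data rate, so a client that trickles one byte every 10 seconds is cut off while a real browser finishing its POST in milliseconds is untouched. The block below is an added example (not code from the Radware deck) that models that policy over constructed traffic; the timeout of 20 s, the 500 bytes/s minimum rate, the 40 s cap and the client streams are all assumptions, chosen to mirror the slide's "one byte every 10 seconds" behaviour.

```python
"""Slow-POST (R.U.D.Y.-style) connection policy, modelled on the request-body
timeout with a minimum data rate that web servers offer (the mod_reqtimeout
idea). Added example, not code from the Radware deck; the timeout and rate
numbers are assumed, and the client traffic below is constructed."""
from dataclasses import dataclass
import math


@dataclass
class BodyRatePolicy:
    initial_timeout: float = 20.0  # seconds allowed before any body byte arrives (assumed)
    min_rate: float = 500.0        # bytes/s: every byte received extends the deadline by 1/min_rate
    max_timeout: float = 40.0      # hard cap on how long a body read may last (assumed)


def judge_connection(events, content_length, policy=None):
    """events: (t_seconds, nbytes) body chunks in arrival order, t=0 when headers completed.
    Returns ("complete", t) when the declared body arrived in time,
    ("dropped", t) with the time the server closes the socket under `policy`,
    or ("open", t_last) when no policy is applied and the body never completes."""
    deadline = math.inf if policy is None else policy.initial_timeout
    received = 0
    for t, n in events:
        if t > deadline:            # next byte came after the server gave up
            return ("dropped", deadline)
        received += n
        if received >= content_length:
            return ("complete", t)
        if policy is not None:      # reward real clients: each byte buys a little more time
            deadline = min(deadline + n / policy.min_rate, policy.max_timeout)
    if deadline == math.inf:
        return ("open", events[-1][0] if events else 0.0)
    return ("dropped", deadline)    # stream went quiet; socket closes at the deadline


def rudy_events(interval=10.0, duration=600.0):
    """Constructed R.U.D.Y. body stream: one byte every `interval` seconds."""
    steps = int(duration // interval)
    return [(interval * i, 1) for i in range(1, steps + 1)]


def slots_held(connections, at_time, policy=None):
    """How many of `connections` ((events, content_length) pairs) still occupy a
    server worker/socket slot at `at_time` seconds."""
    held = 0
    for events, clen in connections:
        state, t_end = judge_connection(events, clen, policy)
        if state == "open" or t_end > at_time:
            held += 1
    return held


# Constructed traffic: one normal browser POST (4 KB in three segments) and
# 200 R.U.D.Y. connections each announcing a 1 MB body and trickling 1 byte / 10 s.
NORMAL_POST = ([(0.05, 1460), (0.10, 1460), (0.15, 1176)], 4096)
RUDY_POSTS = [(rudy_events(), 1_000_000) for _ in range(200)]
ALL_CONNECTIONS = [NORMAL_POST] + RUDY_POSTS

if __name__ == "__main__":
    print("normal client:", judge_connection(*NORMAL_POST, BodyRatePolicy()))
    print("rudy client:  ", judge_connection(*RUDY_POSTS[0], BodyRatePolicy()))
    print("slots held after 60 s, no policy:  ", slots_held(ALL_CONNECTIONS, 60.0))
    print("slots held after 60 s, with policy:", slots_held(ALL_CONNECTIONS, 60.0, BodyRatePolicy()))
```

Without the policy all 200 slow connections are still holding server slots a minute in, which is exactly the exhaustion the slide describes; with it, each R.U.D.Y. connection is closed shortly after 20 s because two bytes buy only 4 ms of extra time, while the normal POST completes at 0.15 s. The rate-based deadline matters more than the fixed timeout: a plain timeout would also cut off a legitimate large upload on a slow link.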
  • DDoS: a real (underground) business. Current prices on the Russian underground market:
    - Hacking a corporate mailbox: $500
    - Winlocker ransomware: $10-$20
    - Unintelligent exploit bundle: $25
    - Intelligent exploit bundle: $10-$3,000
    - Basic crypter (for inserting rogue code into a benign file): $10-$30
    - SOCKS bot (to get around firewalls): $100
    - Hiring a DDoS attack: $30-$70 per day, $1,200 per month
    - Botnet: $200 for 2,000 bots
    - DDoS botnet: $700
    - ZeuS source code: $200-$250
    - Windows rootkit (for installing malicious drivers): $292
    - Hacking a Facebook or Twitter account: $130
    - Hacking a Gmail account: $162
    - Email spam: $10 per one million emails
    - Email scam (using a customer database): $50-$500 per one million emails
  • ... and sometimes the hackers don't have to attack
  • 2013 challenges: bypassing cloud-based protection (diagram: a botnet's volumetric attacks are absorbed by cloud scrubbing, while low & slow attacks and SSL-encrypted attacks pass through the scrubbing center to the enterprise). Source: Radware Global Application and Network Report 2013, published Jan. 27, 2014
  • Login page attacks are on the rise
  • DNS reflective attacks spread: an increase from 10% in 2012 to 21% in 2013
    - Regular DNS replies. In DNS, a normal reply is 3-4 times larger than the request. Consequently, a normal request for a legitimate cached object can result in a reply that is 4 times larger.
    - Researched replies. Attackers can study the DNS server and find which legitimate queries result in large replies. In some cases the amplification factor can reach 10 times the original request.
    - Crafted replies. An attacker can compromise a poorly secured DNS server and ensure that their requests are answered with the maximum DNS reply message (4096 bytes). Using this approach, attackers can reach an amplification factor of up to 100.
    3 attackers with a 5 Mbps internet connection can create a 1.4 Gbps DNS reflective attack.
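The amplification arithmetic on the DNS slide is easier to trust when the request is an actual wire-format packet rather than a round number. The block below is an added example, not code from the Radware deck: it builds a real DNS query with an EDNS0 OPT record (the field in which the spoofed "victim" advertises how large a reply it accepts, which is where the slide's 4096-byte ceiling comes from), measures it, and computes the amplification factor and the reflected bandwidth for the slide's "3 attackers x 5 Mbps" scenario. The query name, the 1232-byte buffer threshold in the triage function and the refuse-ANY rule are assumptions; with the slide's "up to x100" the scenario yields 1.5 Gbps, so the slide's 1.4 Gbps corresponds to roughly x93.

```python
"""DNS reflection/amplification arithmetic on real wire-format queries.
Added example, not from the Radware deck: the packets are built here with
struct, the 4096-byte reply ceiling and the '3 attackers x 5 Mbps' scenario
are the slide's figures, and everything else (names, thresholds) is assumed."""
import struct

QTYPE = {"A": 1, "TXT": 16, "DNSKEY": 48, "ANY": 255}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}
OPT = 41  # EDNS0 pseudo-RR type (RFC 6891)


def encode_name(name):
    """example.com -> b'\\x07example\\x03com\\x00' (DNS label format)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_dns_query(name, qtype="A", edns_bufsize=None, txid=0x1234):
    """Minimal query a reflector will answer: header, one question and, if
    `edns_bufsize` is set, an OPT record advertising the UDP payload size the
    (spoofed) sender claims to accept. That advertised size caps the reply."""
    arcount = 1 if edns_bufsize else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # flags: RD=1
    question = encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)  # class IN
    pkt = header + question
    if edns_bufsize:
        # OPT: root name, TYPE=41, CLASS=payload size, TTL=0 (no DO bit), RDLEN=0
        pkt += b"\x00" + struct.pack("!HHIH", OPT, edns_bufsize, 0, 0)
    return pkt


def parse_query(pkt):
    """Return (qtype_name, edns_bufsize): the two fields a resolver's policy keys on."""
    _, _, _, _, _, arcount = struct.unpack("!HHHHHH", pkt[:12])
    pos = 12
    while pkt[pos] != 0:          # walk the question name labels
        pos += 1 + pkt[pos]
    pos += 1
    qtype, _ = struct.unpack("!HH", pkt[pos:pos + 4])
    pos += 4
    bufsize = None
    if arcount and pkt[pos] == 0:
        rtype, size, _, _ = struct.unpack("!HHIH", pkt[pos + 1:pos + 11])
        if rtype == OPT:
            bufsize = size
    return QTYPE_NAME.get(qtype, str(qtype)), bufsize


def amplification(request_len, reply_len):
    """Bandwidth amplification factor as seen by the victim."""
    return reply_len / request_len


def attack_bandwidth_bps(attackers, uplink_bps, amp):
    """Reflected volume arriving at the victim when every attacker saturates its uplink."""
    return attackers * uplink_bps * amp


def should_rate_limit(pkt, max_bufsize=1232):
    """Resolver-side triage (assumed policy): refuse ANY, and treat queries that
    advertise a reply ceiling above `max_bufsize` as amplification candidates."""
    qtype, bufsize = parse_query(pkt)
    return qtype == "ANY" or (bufsize is not None and bufsize > max_bufsize)


if __name__ == "__main__":
    q = build_dns_query("example.com", "ANY", edns_bufsize=4096)
    print("query bytes:", len(q), "max reply:", 4096, "amp: x%.1f" % amplification(len(q), 4096))
    print("3 x 5 Mbps at x100 ->", attack_bandwidth_bps(3, 5_000_000, 100) / 1e9, "Gbps")
    print("rate-limit this query?", should_rate_limit(q))
```

A 40-byte ANY query for example.com with a 4096-byte EDNS buffer already permits a x102 reply, which is the "crafted replies" tier on the slide; the attacker controls that ceiling because the spoofed query carries it. The defensive levers follow from the parse: refuse or minimise ANY, cap the EDNS buffer you will honour, apply response rate limiting per source, and do not run an open resolver.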
  • The inconvenient truth: your firewall and IPS CANNOT protect you from DDoS attacks. (Chart: "Which services or network elements are (or have been) the bottleneck of DoS?", 2011-2013, for the internet pipe, firewall, IPS/IDS, ADC, server and SQL server.) The three entities that are consistently the bottlenecks in DoS/DDoS attacks are: the server under attack, the firewall, and the internet pipe.
  • Analyst view
    - "With the prevalence and duration of attacks on the rise, organizations need to take steps to protect their infrastructure from the advanced methods being employed. Despite the fact that volumetric-based attacks will remain the most common, more advanced hybrid attacks that include application layer and encrypted traffic in addition to volumetric methods will also grow, spurring growth in the use of on-premise equipment." (IDC Technology Spotlight, Optimizing DDoS Mitigation Using Hybrid Approaches)
    - "Gartner expects high-bandwidth DDoS attacks to continue and to increase in frequency in 2013. Gartner also expects that at least 25% of DDoS attacks will be application-based, in which attackers send targeted commands to applications to tax CPU and memory and make the application unavailable." (Gartner)
  • Mapping security protection tools
    Protection technologies: DDoS protection in the cloud; DoS protection; behavioral analysis; SSL protection; IPS; WAF.
    Attack types they are mapped against: UDP garbage flood on ports 80 and 443; ICMP flood attacks; SYN/TCP out-of-state (OOS) flood attacks; server cracking attacks; SSL/TLS negotiation attacks; HTTP flood attack; HTTPS flood attack; web attacks (XSS, SQL injection, brute force).
    To fight back you need:
    - An integrated solution with all security technologies
    - To mitigate attacks beyond the perimeter
  • Attack Mitigation System: unique solution benefits
    - Detect where you can, mitigate where you should, optimize mitigation scalability
    - Deployment (diagram): in the cloud, at the perimeter and at the front end (Alteon) of the protected organization
    - Covers network DDoS, SYN floods, HTTP floods, SSL floods, server cracking, web attacks, application misuse and application connection overflow
    - Detects all types of SSL encrypted attacks; legitimate transactions go through without decryption; lowest latency approach
    - Non-vulnerable mitigation architecture
    - FIPS compliant and Common Criteria certified solution
    - Single vendor, integrated management
  • Thank You