Radware Global Application & Network Security Report 2013


The 2013 Global Application and Network Security Report provides insight to help detect, mitigate and win the extended and persistent DoS/DDoS battle. Click through the key findings for cyber security statistics, trends, tools and information on the year's most notable attacks. To download the full report, please visit: http://www.radware.com/ert-report-2013/


Transcript

  • 1. January 2014
  • 2. Agenda: Cyber Security Statistics; About the 2013 Report; Key Findings & Trends; Attack Tools Trends; Notable Attacks; Recommendations
  • 3. DoS/DDoS – Most Common Cyber Attack [chart: share of 2013 cyber attacks by type – DDoS 28%, SQLi 23%, Defacement 17%, Account Hijacking 11%, Targeted attack (various tools) 7%; the remaining shares of 7%, 3%, 3% and 1% are split among Other, DNS Hijacking, Malware and iFrame Injection] Source: 2013 Cyber Attacks Trends, Hackmagedon
  • 4. DoS/DDoS – Most Common Cyber Attack [same chart] 28% of all cyber attacks in 2013 involved a DoS/DDoS attack. Source: 2013 Cyber Attacks Trends, Hackmagedon
  • 5. DDoS and Unplanned Outages in 2013 [chart: root causes of unplanned outages, 2010 vs. 2013, axis 0%–35% – UPS system failure, accidental/human error, cyber crime (DDoS), weather related, water/heat/CRAC failure, generator failure, IT equipment failure, other] Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
  • 6. DDoS and Unplanned Outages in 2013 [same chart] 18% of unplanned outages in 2013 were due to DoS/DDoS attacks. Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
  • 7. Cost of a DoS/DDoS Outage [chart: cost of an unplanned outage by root cause, 2010 vs. 2013, axis $0–$1,200 – IT equipment failure, cyber crime (DDoS), UPS system failure, water/heat/CRAC failure, generator failure, weather related] Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
  • 8. Cost of a DoS/DDoS Outage [same chart] $822,000: cost of a single DoS/DDoS attack that causes an unplanned outage. Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
  • 10. Methodology and Sources
    – Security Industry Survey: external survey, 198 participants, 93.8% are not using a Radware DoS/DDoS mitigation solution
    – Security Executive Survey: external survey, 15 participants
    – Radware’s Emergency Response Team (ERT) 2013 cases: unique visibility into attack behavior; attacks seen in real time on a daily basis; more than 300 cases analyzed; customer identity remains undisclosed
  • 12. The Unseen DoS/DDoS Attacks – Key Findings
    – 60% of attacks result in service degradation: organizations’ attention is on the outage cases, but web application slowness and degradation of service have devastating outcomes
    – ERT has identified a new set of attacks called “Web Stealth”: availability-based attacks targeting the web application, harder to detect with traditional network security and DoS/DDoS mitigation tools
    – Attackers shorten the time it takes them to bypass mitigation tools
  • 13. [map: notable attacks of 2013]
    – Feb/July 2013, USA: Operation Ababil, targeting financial institutions
    – March 2013, The Netherlands: Spamhaus, the biggest DDoS attack ever
    – June 2013, South Korea: South Korean government websites under attack
    – July 2013, Colombia: the Colombian Independence Day attack
    – August 2013, Syria: Syrian Electronic Army attacking US media outlets
    – November 2013, Ukraine & Baltic countries: Operation “Opindependence”
  • 14. DoS/DDoS Ring of Fire
  • 15. Attack Risk Score
  • 16. Radware DoS/DDoS Risk Score: Attack Duration, Attack Vectors, Attack Complexity
  • 17. Attack Length: Increasing Duration
  • 18. DDoS Attacks are Not Singular Events
  • 19. Attack Vectors: Increasing Complexity
  • 20. Attackers Shorten Time to Bypass Mitigation Tools [timeline: pre-attack phase, post-attack phase, “peace” period, pre-attack phase, post-attack phase]
  • 21. 2013 Attack Vectors: more than 50% of 2013 DDoS attacks had more than 5 attack vectors.
  • 22. 2012 – 2013 Trend: Diversity of Attacks
  • 23. Web Stealth Attacks
    – More than HTTP floods
    – Dynamic IP addresses: highly distributed attacks; attacks using anonymizers/proxies; attacks passing through CDNs
    – Attacks obfuscated by SSL
    – Attacks with the ability to pass challenge/response (C/R)
    – Attacks that use low traffic volume but saturate servers’ resources
  • 24. Web Stealth Attacks
    – A flood of search requests looks legitimate to network protection tools but creates resource saturation on the application server
    – Attacks on login pages are destructive: based on SSL, no load balancing yet
  • 25. Bypassing CDN Protection [diagram: botnet → CDN → enterprise, each request GET www.enterprise.com/?[Random]]
  • 26. Network Topology and DDoS Attacks: server components that are likely to be attacked by DDoS attacks.
  • 27. DDoS Attack Results: public attention
  • 28. DDoS Attack Results: public attention. Results of a one-second delay in web page response: 3.5% decrease in conversion rate, 2.1% decrease in shopping cart size, 9.4% decrease in page views, 8.3% increase in bounce rate. Source: Strangeloop Networks, Case Study: The impact of HTML delay on mobile business metrics, November 2011
  • 29. Organizations are Adopting DDoS Mitigation Tools
  • 30. Organizations are Adopting DDoS Mitigation Tools: only 29% of organizations surveyed do not have plans to deploy DDoS mitigation tools in 2014.
  • 32. HTTPS-Based Attacks
    – HTTPS-based attacks are on the rise
    – SSL traffic is not terminated by DDoS cloud scrubbers or DDoS solutions
    – SSL traffic is terminated by the ADC or web server
    – SSL attacks hit their target and bypass security solutions
  • 33. DNS-Based Attacks
    – Most frequently used attack vector
    – Amplification effect:
      · Regular DNS replies: a normal reply is 3–4 times larger than the request
      · Researched replies: can reach up to 10 times the original request
      · Crafted replies: the attacker compromises a DNS server and ensures requests are answered with the maximum DNS reply message (4096 bytes), an amplification factor of up to 100 times
  • 34. DNS-Based Attacks – The Recursive Attack
  • 35. Login Page Attacks: 40% of organizations were attacked by a login page attack in 2013.
  • 36. Web Stealth Attacks: attacks on login pages are destructive – based on SSL, no load balancing yet
  • 37. Implications of Login Page Attacks
  • 39. “Innocence of Muslims” Movie: July 12, 2012 – “Innocence of Muslims” trailer released on YouTube; September 11, 2012 – worldwide protests against the movie, resulting in the deaths of 50 people
  • 40. Operation Ababil Background
  • 41. Operation Ababil: group name is “Izz ad-din Al qassam cyber fighters”; the cyber attack is an act to stop the movie; first targets: Bank of America, NYSE
  • 42. Operation Ababil Timeline
  • 43. Operation Ababil Target Organizations: financial service providers
  • 44. Operation Ababil Attack Vectors
  • 45. Overcoming HTTP Challenges [table: attack script vs. challenge type]
    – Kamikaze: 302 redirect challenge – pass; JS challenge – not pass; special challenge – not pass
    – Kamina: 302 redirect challenge – pass; JS challenge – not pass; special challenge – not pass
    – Terminator: 302 redirect challenge – pass; JS challenge – pass; special challenge – not pass
  • 46. Op Colombia
    – Large-scale cyber attack held on July 20, 2013, Colombian Independence Day
    – Largest cyber attack ever
    – Attack against 30 Colombian government websites (target: government)
    – Attacker: Colombian Hackers, a known hacker collective; the group used Twitter to communicate
  • 47. Op Colombia Attack Vectors: Web Stealth; Application – directory traversal, brute force, SQL injection; Network – SYN floods, HTTP flood, UDP floods, ICMP floods
  • 48. Spamhaus Attack
    – Nine-day volumetric attack
    – Broke the ceiling of 100 Gbps; the attack reached a bandwidth of 300 Gbps
    – Target: anti-spam organization providing an Internet service
    – Attacker: CyberBunker (Internet service provider) and Sven Olaf Kamphuis
  • 49. Spamhaus Attack Vectors
  • 51. DDoS Mitigation Selection Criteria
    – Time to protection: the cost of a DDoS attack is significant; the sooner the attack is over, the sooner the revenue loss stops
    – Attack coverage: attackers are using a plethora of attack vectors; more than 50% of attacks include more than 5 vectors
    – Single point of contact in case of attack: attacks are becoming longer and require manual operations to mitigate
  • 52. Recommendations
    – Acquire capabilities to sustain long attacks
    – Train a team that is ready to respond to persistent attacks
    – Deploy the most up-to-date methodologies and tools
    – 24/7 availability to respond to attacks
    – Deploy counterattack techniques to cripple an attack
  • 53. Thank You www.radware.com
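Slide 33 gives three tiers of DNS reply amplification (a normal reply 3–4x the request, a "researched" reply up to 10x, a crafted maximum-size 4096-byte reply up to 100x). The Python below is an added example, not code from the Radware deck: it parses constructed resolver-style log lines, computes the amplification factor of each reply, buckets it into the slide's tiers, and flags client addresses that receive repeated oversized replies, which in a reflection attack are the spoofed victims that response rate limiting should protect. The log format, addresses and byte sizes are constructed assumptions.

```python
# Classify DNS replies by amplification factor and flag likely reflection
# targets from resolver logs.  Tiers use the report's figures: a normal reply
# is 3-4x the request, a "researched" reply ~10x, a crafted maximum-size
# reply (4096 bytes) ~100x.  Log format and records are constructed.
import re
from collections import defaultdict

# Constructed resolver-style lines: client address, query, request/reply bytes.
SAMPLE_LOG = """\
client 203.0.113.7#4123 query A www.example.com qlen=45 rlen=160
client 203.0.113.7#4124 query MX example.com qlen=40 rlen=400
client 198.51.100.9#5321 query ANY big.example.net qlen=41 rlen=4096
client 198.51.100.9#5321 query ANY big.example.net qlen=41 rlen=4096
client 198.51.100.9#5321 query ANY big.example.net qlen=41 rlen=4096
client 192.0.2.55#6001 query TXT big.example.net qlen=39 rlen=4096
"""
LINE_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+ query (?P<qtype>\S+) "
                     r"(?P<qname>\S+) qlen=(?P<qlen>\d+) rlen=(?P<rlen>\d+)")

def parse_log(text):
    """Yield (client_ip, qtype, qname, qlen, rlen) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ip"], m["qtype"], m["qname"], int(m["qlen"]), int(m["rlen"])

def amplification_factor(qlen, rlen):
    """Reply bytes per request byte: the ratio an attacker tries to maximise."""
    if qlen <= 0:
        raise ValueError("query length must be positive")
    return rlen / qlen

def classify(factor):
    """Bucket a factor into the report's three reply tiers."""
    if factor <= 4:
        return "normal"
    if factor <= 10:
        return "researched"
    return "crafted"

def flag_reflection_targets(text, min_factor=10.0, min_count=3):
    """Client IPs that received >= min_count replies at >= min_factor amplification.
    In a reflection attack the 'client' is the spoofed victim, so these are the
    addresses whose responses should be rate-limited (as DNS RRL does)."""
    hits = defaultdict(int)
    for ip, _, _, qlen, rlen in parse_log(text):
        if amplification_factor(qlen, rlen) >= min_factor:
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_count)
```

With the sample log, the 41-byte ANY queries answered with 4096 bytes come out at roughly 100x, matching the slide's crafted-reply figure, and 198.51.100.9 is the only address flagged at the default thresholds.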