
Economical Denial of Sustainability in the Cloud (EDOS)


Raluca Stanciu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.

The videos and other presentations can be found on

Published in: Technology
Economical Denial of Sustainability in the Cloud (EDOS)

  1. EDoS in the Cloud (Economical Denial of Service). Raluca Stanciu - BullGuard
  2. So… 11 hours, 1.2Tbps. Losses???
  3. EDoS?
  4. DDoS – a serious threat. Why? BOTNETS
     • 2016: 1.5 million hijacked wireless cameras → 1-Tbps DDoS attack
     • In 2017: the first Android botnet (WireX) = 150,000 infected devices
  5. Attack numbers?
     • 20,000 daily attacks (source: DDoSMon, 2017)
     • $2.5 million DDoS costs per company (source: Neustar, 2016-2017)
  6. Examples:

     | Victim company | When | Attack peak size | Attack duration | Other details |
     |---|---|---|---|---|
     | Undisclosed customer of a U.S.-based service provider | March 2018 | 1.7Tbps | _ | Largest attack known until now. Amplification attack. |
     | GitHub | February 2018 | 1.35Tbps | 10 minutes | Memcached-Servers amplification attack |
     | Microsoft’s and Sony’s online gaming services (PSN and Xbox) | Christmas 2014 | _ | 2 days for Microsoft, 3 days for Sony | The attack took down entirely Microsoft’s and Sony’s online gaming services. Millions of users were unable to play online games or access entertainment channels. |
     | Runescape, a gaming platform | 2014 | _ | _ | Spent £6 million trying to defend against the DDoS attack. |
     | Rackspace, a Cloud service provider | 2014 | _ | 11 hours | |
  7.
  8. Ok. DDoS. Methods?
     • Log-in attacks
     • Egress data attacks
  9. Reflection attacks
     • 2018: GitHub attack - 1.35 Tbps
     • Unprecedented amplification factor → 51,000x
  10. DDoS attack strategy (*source: DDOSMON)
  11. DDoS protection in Cloud. How?
     • 1h of downtime = how much revenue loss?
     • NO ACCESS to the physical network infrastructure
     • DDoS Protection as a Service
  12. What’s the best you can do with DDoSPaaS?
     1. Reduce attack surface
     2. Be ready to scale
     3. Architect for resilience
     4. Register for live support service
     Time-to-mitigation = MONEY
  13. 1. Reduce attack surface
     Expose ONLY if necessary. If exposed, protect, protect, PROTECT!
     • Cloud storage resources → Access Control Lists
     • Ports → Firewall rules
     • Anti-spoofing protection
     • VPC network configuration
     • VPC Administrative Console → Identity Access Management
     • Internal traffic → Isolated:
       • Public IP only if needed
       • NAT Gateway
       • Internal Load Balancing: for your internal client instances accessing internally deployed services, thereby avoiding exposure to the external world.
     • You have an API frontend exposed to the public → The API frontend can be DDoS attacked and can also expose resources => use the Cloud provider’s API Gateway as a “front door”
  14. 2. Be ready to scale
     • Elastic Load Balancing → scales automatically as needed => can manage larger volumes
       1. Application Load Balancer → routes traffic based on its content and accepts only well-formed web requests => it blocks SYN floods, UDP reflection attacks and others
       2. Network Load Balancer → for TCP-based applications, you can use NLB to route traffic to Amazon EC2 instances at ultra-low latency
     • Elastic IP Addresses → static IPv4 address designed for dynamic cloud computing. If the assigned instance fails, it is remapped to another instance
     • Proper Elastic Compute type (resource-wise) → ex: 25Gb NIC & Enhanced Networking
     • Choose an SLA with automatic scaling → horizontally: add instances; vertically: use larger instances
  15. 3. Architect for resilience
  16. DDoSPaaS – Other MUSTS
     • Limit, limit, limit!!!
       • per-IP request count
       • per-IP connection count
       • count of users who can make requests to your application
     • Choose a product which can properly detect both bad AND GOOD traffic (what if your web service has a legit spike of clients?)
     • Costs!!!! Hidden or not!!! In the Cloud, even a sneeze costs!
     • Cloud-provided regions → performance, data sovereignty, optimal latency
     • Shared Responsibility Model!!!
     • Differences between the DDoS protection products
  17. Understand the differences between Cloud DDoS protection services
  18. *Third party DDoSPaaS
     • Akamai → helped protect against the 2018 1.35 TB attack against GitHub
     • Blockchain DDoS mitigation
  19. Conclusion? Anything which has an IP address CAN and WILL be used against you!
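
The per-IP limits from slide 16, as an added example that is not part of the original slides: a sliding-window request limit plus a connection cap per client IP, replayed over constructed traffic (a legitimate spike of 200 clients and one flooding source). The class name, thresholds and documentation-range IP addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class PerIPLimiter:
    """Sliding-window request limit plus concurrent-connection cap, per client IP."""
    def __init__(self, max_requests, window_s, max_connections):
        self.max_requests = max_requests
        self.window_s = window_s
        self.max_connections = max_connections
        self._hits = defaultdict(deque)   # ip -> timestamps of accepted requests
        self._conns = defaultdict(int)    # ip -> currently open connections

    def open_connection(self, ip):
        if self._conns[ip] >= self.max_connections:
            return False                  # per-IP connection count exceeded
        self._conns[ip] += 1
        return True

    def close_connection(self, ip):
        if self._conns[ip] > 0:
            self._conns[ip] -= 1

    def allow_request(self, ip, now):
        hits = self._hits[ip]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()                # drop requests that left the window
        if len(hits) >= self.max_requests:
            return False                  # per-IP request count exceeded
        hits.append(now)
        return True

def replay(events, limiter):
    """events: iterable of (timestamp, ip). Returns {ip: [allowed, rejected]}."""
    stats = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(events):
        stats[ip][0 if limiter.allow_request(ip, ts) else 1] += 1
    return stats

# Constructed traffic: 200 distinct clients sending 3 requests each (a legit
# spike) and one source sending 500 requests within the same second.
SPIKE = [(i * 0.3, f"198.51.100.{n}") for n in range(1, 201) for i in range(3)]
FLOOD = [(i * 0.002, "203.0.113.7") for i in range(500)]

def demo():
    limiter = PerIPLimiter(max_requests=20, window_s=1.0, max_connections=4)
    stats = replay(SPIKE + FLOOD, limiter)
    legit_rejected = sum(r for ip, (_, r) in stats.items()
                         if ip.startswith("198.51.100."))
    return stats["203.0.113.7"], legit_rejected

if __name__ == "__main__":
    print(demo())
```

Because the limit is keyed per IP, the 600 requests of the legitimate spike all pass while the single flooding source is held to its quota; a global request cap would have rejected both alike.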