Radware Global Application & Network Security Report 2013


The 2013 Global Application and Network Security Report provides insight to help detect, mitigate and win the extended and persistent DoS/DDoS battle. Click through the key findings for cyber security statistics, trends, tools and information on the year's most notable attacks. To download the full report, please visit: http://www.radware.com/ert-report-2013/

Published in: Technology, News & Politics

  1. January 2014
  2. Agenda: Cyber Security Statistics; About the 2013 Report; Key Findings & Trends; Attack Tools Trends; Notable Attacks; Recommendations
  3. DoS/DDoS – Most Common Cyber Attack
     [Pie chart: Malware / iFrame Injection 1% / 3%; Other / DNS Hijacking 7% / 3%; DDoS 28%; Targeted attack (Various tools) 7%; Account Hijacking 11%; Defacement 17%; SQLi 23%]
     Source: 2013 Cyber Attacks Trends, Hackmageddon
  4. DoS/DDoS – Most Common Cyber Attack
     [Pie chart: Malware / iFrame Injection 1% / 3%; Other / DNS Hijacking 7% / 3%; DDoS 28%; Targeted attack (Various tools) 7%; Account Hijacking 11%; Defacement 17%; SQLi 23%]
     28% of all cyber attacks in 2013 involved a DoS/DDoS attack.
     Source: 2013 Cyber Attacks Trends, Hackmageddon
  5. DDoS and Unplanned Outages in 2013
     [Bar chart, 2010 vs. 2013, axis 0% to 35%: UPS system failure; Accidental/human error; Cyber crime (DDoS); Weather related; Water, heat or CRAC failure; Generator failure; IT equipment failure; Other]
     Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
  6. DDoS and Unplanned Outages in 2013
     Root Causes of Unplanned Outages
     [Bar chart, 2010 vs. 2013, axis 0% to 35%: UPS system failure; Accidental/human error; Cyber crime (DDoS); Weather related; Water, heat or CRAC failure; Generator failure; IT equipment failure; Other]
     18% of unplanned outages in 2013 were due to DoS/DDoS attacks.
     Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
  7. Cost of a DoS/DDoS Outage
     [Bar chart, 2010 vs. 2013, axis $0 to $1,200: IT equipment failure; Cyber crime (DDoS); UPS system failure; Water, heat or CRAC failure; Generator failure; Weather related]
     Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
  8. Cost of a DoS/DDoS Outage
     Cost of unplanned outage
     [Bar chart, 2010 vs. 2013, axis $0 to $1,200: IT equipment failure; Cyber crime (DDoS); UPS system failure; Water, heat or CRAC failure; Generator failure; Weather related]
     $822,000: cost of a single DoS/DDoS attack that causes unplanned outage.
     Source: “2013 Cost of Data Center Outages”, Ponemon Institute, Dec. 2013
  9. Agenda: Cyber Security Statistics; About the 2013 Report; Key Findings & Trends; Attack Tools Trends; Notable Attacks; Recommendations
  10. Methodology and Sources
      Security Industry Survey
      – External survey
      – 198 participants
      – 93.8% are not using Radware DoS/DDoS mitigation solution
      Security Executive Survey
      – External survey
      – 15 participants
      Radware’s Emergency Response Team (ERT) 2013 Cases
      – Unique visibility into attacks behavior
      – Attacks seen real-time on daily basis
      – More than 300 cases analyzed
        • Customer identity remains undisclosed
  11. Agenda: Cyber Security Statistics; About the 2013 Report; Key Findings & Trends; Attack Tools Trends; Notable Attacks; Recommendations
  12. The Unseen DoS/DDoS Attacks – Key Findings
      • 60% of attacks result in service degradation
        – Organizations’ attention is on the outage cases
        – Web application slowness and degradation of service has devastating outcomes
      • ERT has identified a new set of attacks called “Web Stealth”
        – Availability based attacks targeting the Web application
        – Harder to detect by traditional network security and DoS/DDoS mitigation tools
      • Attackers shorten the time it takes them to bypass mitigation tools
  13. [World map of notable 2013 attacks]
      • Feb/July 2013, USA: Operation Ababil (targeting financial institutions)
      • March 2013, The Netherlands: Spamhaus (the biggest DDoS attack ever)
      • November 2013, Ukraine & Baltic Countries: Operation “Opindependence”
      • August 2013, Syria: Syrian Electronic Army attacking US media outlets
      • June 2013, South Korea: South Korea government websites under attack
      • July 2013, Colombia: The Colombian Independence Day Attack
  14. DoS/DDoS Ring of Fire
  15. Attack Risk Score
  16. Radware DoS/DDoS Risk Score
      [Figure labels: Attack Duration; Attack Vectors; Attack Complexity; S1]
  17. Attack Length: Increasing Duration
  18. DDoS Attacks are Not Singular Events
  19. Attack Vectors: Increasing Complexity
  20. Attackers Shorten Time to Bypass Mitigation Tools
      [Timeline figure labels: “Peace” Period; Pre-attack Phase; Post-attack Phase; Pre-attack Phase; Post-attack Phase]
  21. 2013 Attack Vectors
      More than 50% of 2013 DDoS attacks had more than 5 attack vectors.
  22. 2012 – 2013 Trend: Diversity of Attacks
  23. Web Stealth Attacks
      • More than HTTP floods
      • Dynamic IP addresses
        – Highly distributed attack
        – Attacks using Anonymizers / Proxy
        – Attacks passing CDNs
      • Attacks that are being obfuscated by SSL
      • Attacks with the ability to pass C/R
      • Attacks that use low-traffic volume but saturate servers’ resources
  24. Web Stealth Attacks
      • Flood of Search requests will look legitimate to network protection tools
      • Creates resource saturation on app-server
      Attacks on Login Pages are destructive
      • Based on SSL
      • No load-balancing yet
  25. Bypassing CDN Protection
      [Diagram labels: Botnet; CDN; Enterprise; request shown: GET www.enterprise.com/?[Random]]
  26. Network Topology and DDoS Attacks
      Server components that are likely to be attacked by DDoS attacks.
  27. DDoS Attacks Results
      Public attention
  28. DDoS Attacks Results
      Public attention
      Results of one-second delay in Web page results:
      • 3.5% decrease in conversion rate
      • 2.1% decrease in shopping cart size
      • 9.4% decrease in page views
      • 8.3% increase in bounce rate
      Source: Strangeloop Networks, Case Study: The impact of HTML delay on mobile business metrics, November 2011
  29. Organizations are Adapting DDoS Mitigation Tools
  30. Organizations are Adapting DDoS Mitigation Tools
      Only 29% of organizations surveyed do not have plans to deploy DDoS mitigation tools in 2014.
  31. Agenda: Cyber Security Statistics; About the 2013 Report; Key Findings & Trends; Attack Tools Trends; Notable Attacks; Recommendations
  32. HTTPS Based Attacks
      • HTTPS based attacks are on the rise
      • SSL traffic is not terminated by DDoS cloud scrubbers or DDoS solutions
      • SSL traffic is terminated by ADC or web server
      • SSL attacks hit their target and bypass security solutions
  33. DNS Based Attacks
      • Most frequently used attack vector
      • Amplification effect
        – Regular DNS replies: in DNS, a normal reply is 3-4 times larger than the request
        – Researched replies: can reach up to 10 times the original request
        – Crafted replies: attacker compromises a DNS server and ensures requests are answered with the maximum DNS reply message (4096 bytes), an amplification factor of up to 100 times
  34. DNS Based Attacks – The Recursive Attack
  35. Login Page Attacks
      40% of organizations have been attacked by Login Page attack in 2013.
  36. Web Stealth Attacks
      Attacks on Login Pages are Destructive
      • Based on SSL
      • No load-balancing yet
  37. Implications of Login Page Attacks
  38. Agenda: Cyber Security Statistics; About the 2013 Report; Key Findings & Trends; Attack Tools Trends; Notable Attacks; Recommendations
  39. “Innocence of Muslims” Movie
      • July 12, 2012: “Innocence of Muslims” trailer released on YouTube
      • September 11, 2012: World-wide protest against the movie resulting in the deaths of 50 people
  40. Operation Ababil Background
  41. Operation Ababil
      • Group name is “Izz ad-din Al qassam cyber fighters”
      • The cyber attack is an act to stop the movie
      • First targets
        – Bank of America
        – NYSE
  42. Operation Ababil Timeline
  43. Operation Ababil Target Organizations
      Financial Service Providers
  44. Operation Ababil Attack Vectors
  45. Overcoming HTTP Challenges
      Script     | 302 Redirect Challenge | JS Challenge | Special Challenge
      Kamikaze   | Pass                   | Not pass     | Not pass
      Kamina     | Pass                   | Not pass     | Not pass
      Terminator | Pass                   | Pass         | Not pass
  46. Operation Op Colombian
      • Large scale cyber attack held on July 20, 2013
      • Colombian Independence
      • Largest cyber attacks, ever
      • Attack against 30 Colombian government websites
      • Attacker: Colombian Hackers
      • Known hacker collective group
      • Group used Twitter to communicate
      Government
  47. Op Colombia Attack Vectors
      [Diagram labels: Web Stealth; Application; Directory traversal; Brute force; SQL Injection; Network; SYN floods; HTTP Flood; UDP floods; ICMP floods]
  48. Spamhaus Attack
      • Nine day volumetric attack
      • Broke the ceiling of 100 Gbps
      • Attack reached bandwidth of 300 Gbps
      • Target: Anti-spam organization providing Internet service
      • Attacker: CyberBunker and Sven Olaf Kamphuis
      Internet Service Provider
  49. Spamhaus Attack Vectors
  50. Agenda: Cyber Security Statistics; About the 2013 Report; Key Findings & Trends; Attack Tools Trends; Notable Attacks; Recommendations
  51. DDoS Mitigation Selection Criteria
      Time to protection
      • The cost of a DDoS attack is significant
      • The sooner the attack is over, the sooner the revenue loss will stop
      Attacks coverage
      • Attackers are using a plethora of attack vectors
      • More than 50% of attacks include more than 5 vectors
      Single point of contact in case of attack
      • Attacks are becoming longer and require manual operations to mitigate
  52. Recommendations
      • Acquire capabilities to sustain long attacks
      • Train a team that is ready to respond to persistent attacks
      • Deploy the most up-to-date methodologies and tools
      • 24/7 availability to respond to attacks
      • Deploy counterattack techniques to cripple an attack
  53. Thank You
      www.radware.com
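
Added example (not part of the Radware deck): the amplification figures on slide 33 applied to a resolver operator's own traffic counters, to see which of the slide's three categories each resolver's replies fall into. The flow records, the RFC 5737 documentation addresses and the use of the slide's 3-4x and 10x figures as bucket boundaries are assumptions made for this illustration.

```python
from collections import defaultdict

# Bucket boundaries taken from slide 33 (3-4x regular, up to 10x researched,
# anything above that in the "crafted" range of up to 100x). Assumed cut-offs.
REGULAR_MAX = 4.0
RESEARCHED_MAX = 10.0
MAX_REPLY_BYTES = 4096  # maximum DNS reply size quoted on the slide

# Constructed sample records: (resolver, query_bytes, reply_bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", 40, 140),
    ("192.0.2.10", 42, 150),
    ("198.51.100.7", 40, 380),
    ("198.51.100.7", 44, 410),
    ("203.0.113.53", 41, 4096),
    ("203.0.113.53", 41, 4096),
]

def classify(factor):
    """Map a reply/request byte ratio onto the slide's three categories."""
    if factor <= REGULAR_MAX:
        return "regular"
    if factor <= RESEARCHED_MAX:
        return "researched"
    return "crafted"

def summarize(flows):
    """Aggregate bytes per resolver and report its overall amplification."""
    totals = defaultdict(lambda: {"query": 0, "reply": 0, "max_reply": 0})
    for resolver, query_bytes, reply_bytes in flows:
        if query_bytes <= 0:
            continue  # malformed record; a ratio would be meaningless
        t = totals[resolver]
        t["query"] += query_bytes
        t["reply"] += reply_bytes
        t["max_reply"] = max(t["max_reply"], reply_bytes)
    report = {}
    for resolver, t in totals.items():
        factor = t["reply"] / t["query"]
        report[resolver] = {
            "factor": round(factor, 1),
            "category": classify(factor),
            "at_size_ceiling": t["max_reply"] >= MAX_REPLY_BYTES,
        }
    return report

if __name__ == "__main__":
    for resolver, row in sorted(summarize(SAMPLE_FLOWS).items()):
        print(resolver, row)
```

A resolver that lands in the "crafted" bucket with replies at the 4096-byte ceiling is the one to investigate first, since slide 33 ties that pattern to a compromised DNS server.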
