Stock Exchanges in the Line of Fire-Morphology of Cyber Attacks

Stock exchanges are constantly targeted by cyber attacks. This presentation discusses several real-life attack case studies, covering attack vectors, motivations, impacts and mitigation techniques.

Published in: Technology

  1. 1. Session ID: HT-R33; Session Classification: Intermediate
  4. 4. Network Impact: Severe; Business Impact: Severe
  5. 5. Table (columns: Attack Vector | Confirmed Measurement | Pipe Saturation | FW CPU 100% | Web Server Outage): UDP Flood | 44 Mbps | X X; HTTP Flood | 40K Concurrent Con. | X X; Empty Connection Flood | 5.2K PPS | X X; FIN+ACK | 4 Mbps | X X
  6. 6. “Stock exchange hit by hackers” “Attack on stock exchange triggers halt in trade”
  7. 7. Network Impact: Low; Business Impact: None
  8. 8. “Stock exchange IT have been working intensively to resolve all issues” “Experts successfully implemented a protection against the attacks” “Additional measures were taken such as a redundant New Site”
  9. 9. Network Impact: None; Business Impact: None
  10. 10. Legitimate traffic monitoring; TCP connection flood detected and mitigated immediately
  11. 11. Network Impact: None; Business Impact: None
  12. 12. Attack begins but quickly mitigated
  14. 14. [Diagram, HTTP Flood. Labels: Psychological Impact; Trade/Financial Disruption; Static Content; Trade Announcements; Trading API; Firewall; L3 Router; Internet Pipe]
  15. 15. [Diagram, UDP Flood. Labels: Psychological Impact; Trade/Financial Disruption; Static Content; Trade Announcements; Trading API; Firewall; L3 Router; Internet Pipe]
  16. 16. [Diagram, SYN Flood. Labels: Psychological Impact; Trade/Financial Disruption; Static Content; Trade Announcements; Trading API; Firewall; L3 Router; Internet Pipe]
  17. 17. [Diagram. Labels: Protection; HTTP Flood; UDP Flood; SYN Flood; Stock Exchange]
  18. 18. [Diagram. Labels: Protection; HTTP Flood; UDP Flood; SYN Flood; Stock Exchange]
  19. 19. Attackers will eventually find the weakest link! [Diagram. Labels: Protection; HTTP Flood; UDP Flood; SYN Flood; Slow Rate Flood; Image Download Flood; Stock Exchange]
  20. 20. Political/Hacktivist’s Bull’s Eye (Realistic)
  21. 21. Legitimate Bypass CDN; Attack Directly
  23. 23. Pragma: no-cache
  25. 25. [Timeline diagram. Labels: Heads Up; Reconnaissance; Test Fire; Attack Begins; Service Disruption; Automatic Mitigation; Service Disruption; Manual Mitigation; New Attack Vectors; Mitigation Continued; Attack Ends; Forensic]
  26. 26. Automatic Mitigation (no time for human interaction) [Timeline diagram. Labels: “Peace” Period; Attack Period; “Peace” Period; Attack Period; Time; Pre-attack Phase; Post-attack Phase; Pre-attack Phase]
  27. 27. THE SECURITY GAP: Attacker has time to bypass automatic mitigation. Defenders have no skill/capacity to sustain it. [Timeline diagram. Labels: “Peace” Period; Attack Period; “Peace” Period; Pre-attack Phase; Post-attack Phase]
  28. 28. [Chart. Series: Procedures; Human skills; Equipment. Categories: Before; During; After. Scale: 0% to 45%] Source: Radware 2012 Global Application and Network Security Report
  29. 29. Be prepared for prolonged attacks! THE SECURITY GAP: Attacker has time to bypass automatic mitigation. Defenders have no skill/capacity to sustain it. [Timeline diagram. Labels: “Peace” Period; Attack Period; “Peace” Period; Pre-attack Phase; Post-attack Phase]
  30. 30. Counterattack; RT Intel; Active Mitigation; 24x7x365; Trained; Experienced