Q3 2014 State of the Internet - Security Report -- Attack Spotlight

•Download as PPTX, PDF•

0 likes•1,372 views

Longer attacks and more bandwidth consumption were a leading DDoS trend in Q3 2014. View this short presentation about a major DDoS attack campaign that exemplifies this DDoS trend, and then get all the details from the full Q3 2014 State of the Internet – Security report.

Technology

stateoftheinternet.com
[Q3 2014]
Spotlight on a 321 Gbps Attack

= high-bandwidth attack on entertainment firm
• 10 distinct attacks over a one-week period
• 8 of 10 attack campaigns were high-bandwidth (100+
Gbps)
• Peak bandwidth of the largest attack: 321 Gbps (a record)
• This multi-vector attack hit:
⁄ Layer 7 (application layer)
⁄ Layer 3 (infrastructure layer)
• All attacks were successfully mitigated by Akamai
• Source IP addresses remain under watch
2 / [state of the internet] / security (Q3 2014)

= timeline of attacks
• Attackers targeted an Akamai customer and Akamai’s DDoS
mitigation infrastructure
• First attacks hit a customer’s web server
⁄ First and third attacks exceeded 100 Gbps
• Next attack targeted an Akamai-owned network block protecting
the target
⁄ Peak 321-Gbps attack aimed at bypassing DDoS mitigation technology or
causing it to fail
• After failing to bypass DDoS protections, attacks resumed on
the customer’s website
• Attacks persisted from July 12 to July 20, averaging 90 hours
3 / [state of the internet] / security (Q3 2014)

= botnet topology
• The attacks were launched by a collection of bots
reporting to a command-and-control (C2) host
• The source IP sending commands was located in Asia
• Bots were worldwide
⁄ Most traffic originated in U.S., Germany and China
⁄ Another botnet sending attack payloads was located in Korea
• Botnets were built by targeting:
⁄ Linux-based servers
⁄ Customer-premises equipment
4 / [state of the internet] / security (Q3 2014)

= attack vectors
Multi-vector attacks used multiple types of flood:
• SYN flood
• UDP flood
• ICMP flood
• RESET flood
• GET flood
⁄ Note: GET flood attacks usually reveal the actual source IP addresses
• Attackers used mostly SYN flood and UDP flood traffic,
often together
5 / [state of the internet] / security (Q3 2014)

= about SYN floods
• Subvert the normal Transmission Control Protocol (TCP)
used to establish a valid connection
• Send multiple requests at a rapid rate or send extra large
packets
• Can render an unprotected server unable to respond to
legitimate requests
6 / [state of the internet] / security (Q3 2014)

= about UDP floods
• Exploit the User Datagram Protocol (UDP)
• Are a common protocol in voice-over-IP (VoIP) and online
games
• Do not require establishing a verified connection to initiate
communication
• Make spoofing a source IP easy
• Subvert mitigation efforts with spoofed addresses
7 / [state of the internet] / security (Q3 2014)

= attack statistics
• Attack averages
⁄ 154 Gbps
⁄ 54 Mpps
⁄ 90 hours
• Peak attack stats:
⁄ 321 Gbps
⁄ 169 Mpps
• Top three non-spoofed source IP origins
⁄ U.S.: 49%
⁄ Germany: 21%
⁄ China: 19%
8 / [state of the internet] / security (Q3 2014)

= Q3 2014 state of the internet – security report
Download the Q3 2014 State of the Internet – Security Report,
which includes:
• Analysis of DDoS attack trends
• Bandwidth (Gbps) and volume (Mpps) statistics
• Year-over-year and quarter-by-quarter analysis
• Application layer attacks and infrastructure attacks
• Attack frequency, size and sources
• Where and when DDoSers strike
• How and why attackers are building DDoS botnets from devices other than PCs
and servers
• Details of a record-breaking 321 Gbps DDoS attack
• Syrian Electronic Army (SEA) phishing attacks
• More at www.stateoftheinternet.com/security-reports
9 / [state of the internet] / security (Q3 2014)

= about stateoftheinternet.com
• StateoftheInternet.com, brought to you by Akamai, serves as the home
for content and information intended to provide an informed view into
online connectivity and cybersecurity trends as well as related metrics,
including Internet connection speeds, broadband adoption, mobile
usage, outages, and cyber-attacks and threats.
• Visitors to www.stateoftheinternet.com can find current and archived
versions of Akamai’s State of the Internet (Connectivity and Security)
reports, the company’s data visualizations, and other resources
designed to put context around the ever-changing Internet landscape.
10 / [state of the internet] / security (Q3 2014)

Recently uploaded

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Recently uploaded (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Platformless Horizons for Digital Adaptability

Understanding the FAA Part 107 License ..

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Boost Fertility New Invention Ups Success Rates.pdf

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

[BuildWithAI] Introduction to Gemini.pdf

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

MS Copilot expands with MS Graph connectors

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

AWS Community Day CPH - Three problems of Terraform

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Featured

https://www.hubspot.com/state-of-marketing · Scaling relationships and proving ROI · Social media is the place for search, sales, and service · Authentic influencer partnerships fuel brand growth · The strongest connections happen via call, click, chat, and camera. · Time saved with AI leads to more creative work · Seeking: A single source of truth · TLDR; Get on social, try AI, and align your systems. · More human marketing, powered by robots

2024 State of Marketing Report – by Hubspot

Marius Sescu

ChatGPT is a revolutionary addition to the world since its introduction in 2022. A big shift in the sector of information gathering and processing happened because of this chatbot. What is the story of ChatGPT? How is the bot responding to prompts and generating contents? Swipe through these slides prepared by Expeed Software, a web development company regarding the development and technical intricacies of ChatGPT!

Everything You Need To Know About ChatGPT

Expeed Software

Product Design Trends in 2024 | Teenage Engineerings

Pixeldarts

Mental health has been in the news quite a bit lately. Dozens of U.S. states are currently suing Meta for contributing to the youth mental health crisis by inserting addictive features into their products, while the U.S. Surgeon General is touring the nation to bring awareness to the growing epidemic of loneliness and isolation. The country has endured periods of low national morale, such as in the 1970s when high inflation and the energy crisis worsened public sentiment following the Vietnam War. The current mood, however, feels different. Gallup recently reported that national mental health is at an all-time low, with few bright spots to lift spirits. To better understand how Americans are feeling and their attitudes towards mental health in general, ThinkNow conducted a nationally representative quantitative survey of 1,500 respondents and found some interesting differences among ethnic, age and gender groups. Technology For example, 52% agree that technology and social media have a negative impact on mental health, but when broken out by race, 61% of Whites felt technology had a negative effect, and only 48% of Hispanics thought it did. While technology has helped us keep in touch with friends and family in faraway places, it appears to have degraded our ability to connect in person. Staying connected online is a double-edged sword since the same news feed that brings us pictures of the grandkids and fluffy kittens also feeds us news about the wars in Israel and Ukraine, the dysfunction in Washington, the latest mass shooting and the climate crisis. Hispanics may have a built-in defense against the isolation technology breeds, owing to their large, multigenerational households, strong social support systems, and tendency to use social media to stay connected with relatives abroad. Age and Gender When asked how individuals rate their mental health, men rate it higher than women by 11 percentage points, and Baby Boomers rank it highest at 83%, saying it’s good or excellent vs. 57% of Gen Z saying the same. Gen Z spends the most amount of time on social media, so the notion that social media negatively affects mental health appears to be correlated. Unfortunately, Gen Z is also the generation that’s least comfortable discussing mental health concerns with healthcare professionals. Only 40% of them state they’re comfortable discussing their issues with a professional compared to 60% of Millennials and 65% of Boomers. Race Affects Attitudes As seen in previous research conducted by ThinkNow, Asian Americans lag other groups when it comes to awareness of mental health issues. Twenty-four percent of Asian Americans believe that having a mental health issue is a sign of weakness compared to the 16% average for all groups. Asians are also considerably less likely to be aware of mental health services in their communities (42% vs. 55%) and most likely to seek out information on social media (51% vs. 35%).

How Race, Age and Gender Shape Attitudes Towards Mental Health

ThinkNow

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

marketingartwork

Skeleton Culture Code

Skeleton Technologies

PEPSICO Presentation to CAGNY Conference Feb 2024

Neil Kimberley

Content Methodology: A Best Practices Report (Webinar)

contently

How to Prepare For a Successful Job Search for 2024

Albert Qian

A report by thenetworkone and Kurio. The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).

Social Media Marketing Trends 2024 // The Global Indie Insights

Kurio // The Social Media Age(ncy)

The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands. It’s important that you’re ready to implement new strategies in 2024. Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024. You’ll learn: - The latest trends in AI and automation, and what this means for an evolving paid search ecosystem. - New developments in privacy and data regulation. - Emerging ad formats that are expected to make an impact next year. Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape. If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.

Trends In Paid Search: Navigating The Digital Landscape In 2024

Search Engine Journal

From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world. With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively. The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage. Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience. See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers See the original article on Forbes here: http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b

5 Public speaking tips from TED - Visualized summary

SpeakerHub

Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world. Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance. For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age. Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.

ChatGPT and the Future of Work - Clark Boyd

Clark Boyd

Getting into the tech field. what next

Tessa Mero

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Lily Ray

How to have difficult conversations

Rajiv Jayarajah, MAppComm, ACC

Introduction to Data Science

Christy Abraham Joy

Time Management & Productivity - Best Practices

Vit Horky

The six step guide to practical project management If you think managing projects is too difficult, think again. We’ve stripped back project management processes to the basics – to make it quicker and easier, without sacrificing the vital ingredients for success. “If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.” Dr Andrew Makar, Tactical Project Management

The six step guide to practical project management

MindGenius

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

RachelPearson36

Featured (20)

2024 State of Marketing Report – by Hubspot

Everything You Need To Know About ChatGPT

Product Design Trends in 2024 | Teenage Engineerings

How Race, Age and Gender Shape Attitudes Towards Mental Health

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

Skeleton Culture Code

PEPSICO Presentation to CAGNY Conference Feb 2024

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

Introduction to Data Science

Time Management & Productivity - Best Practices

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Q3 2014 State of the Internet - Security Report -- Attack Spotlight

1. stateoftheinternet.com [Q3 2014] Spotlight on a 321 Gbps Attack

2. = high-bandwidth attack on entertainment firm • 10 distinct attacks over a one-week period • 8 of 10 attack campaigns were high-bandwidth (100+ Gbps) • Peak bandwidth of the largest attack: 321 Gbps (a record) • This multi-vector attack hit: ⁄ Layer 7 (application layer) ⁄ Layer 3 (infrastructure layer) • All attacks were successfully mitigated by Akamai • Source IP addresses remain under watch 2 / [state of the internet] / security (Q3 2014)

3. = timeline of attacks • Attackers targeted an Akamai customer and Akamai’s DDoS mitigation infrastructure • First attacks hit a customer’s web server ⁄ First and third attacks exceeded 100 Gbps • Next attack targeted an Akamai-owned network block protecting the target ⁄ Peak 321-Gbps attack aimed at bypassing DDoS mitigation technology or causing it to fail • After failing to bypass DDoS protections, attacks resumed on the customer’s website • Attacks persisted from July 12 to July 20, averaging 90 hours 3 / [state of the internet] / security (Q3 2014)

4. = botnet topology • The attacks were launched by a collection of bots reporting to a command-and-control (C2) host • The source IP sending commands was located in Asia • Bots were worldwide ⁄ Most traffic originated in U.S., Germany and China ⁄ Another botnet sending attack payloads was located in Korea • Botnets were built by targeting: ⁄ Linux-based servers ⁄ Customer-premises equipment 4 / [state of the internet] / security (Q3 2014)

5. = attack vectors Multi-vector attacks used multiple types of flood: • SYN flood • UDP flood • ICMP flood • RESET flood • GET flood ⁄ Note: GET flood attacks usually reveal the actual source IP addresses • Attackers used mostly SYN flood and UDP flood traffic, often together 5 / [state of the internet] / security (Q3 2014)

6. = about SYN floods • Subvert the normal Transmission Control Protocol (TCP) used to establish a valid connection • Send multiple requests at a rapid rate or send extra large packets • Can render an unprotected server unable to respond to legitimate requests 6 / [state of the internet] / security (Q3 2014)

7. = about UDP floods • Exploit the User Datagram Protocol (UDP) • Are a common protocol in voice-over-IP (VoIP) and online games • Do not require establishing a verified connection to initiate communication • Make spoofing a source IP easy • Subvert mitigation efforts with spoofed addresses 7 / [state of the internet] / security (Q3 2014)

8. = attack statistics • Attack averages ⁄ 154 Gbps ⁄ 54 Mpps ⁄ 90 hours • Peak attack stats: ⁄ 321 Gbps ⁄ 169 Mpps • Top three non-spoofed source IP origins ⁄ U.S.: 49% ⁄ Germany: 21% ⁄ China: 19% 8 / [state of the internet] / security (Q3 2014)

9. = Q3 2014 state of the internet – security report Download the Q3 2014 State of the Internet – Security Report, which includes: • Analysis of DDoS attack trends • Bandwidth (Gbps) and volume (Mpps) statistics • Year-over-year and quarter-by-quarter analysis • Application layer attacks and infrastructure attacks • Attack frequency, size and sources • Where and when DDoSers strike • How and why attackers are building DDoS botnets from devices other than PCs and servers • Details of a record-breaking 321 Gbps DDoS attack • Syrian Electronic Army (SEA) phishing attacks • More at www.stateoftheinternet.com/security-reports 9 / [state of the internet] / security (Q3 2014)

10. = about stateoftheinternet.com • StateoftheInternet.com, brought to you by Akamai, serves as the home for content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats. • Visitors to www.stateoftheinternet.com can find current and archived versions of Akamai’s State of the Internet (Connectivity and Security) reports, the company’s data visualizations, and other resources designed to put context around the ever-changing Internet landscape. 10 / [state of the internet] / security (Q3 2014)

Q3 2014 State of the Internet - Security Report -- Attack Spotlight

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

Q3 2014 State of the Internet - Security Report -- Attack Spotlight