Nearly half of those businesses who suffered a DDoS attack in 2014 saw their organization taken completely offline. Why? Because over 80% of DDoS attacks are now multi-vector, striking the application layer and the network layer simultaneously, and often dragging on for days. During this webinar, Paul Mazzucco, TierPoint's Chief Security Officer, describes how these multi-vector DDoS attacks are being perpetrated and what you can do to mitigate against these complex intrusions.
2. Key Reasons for Cyber Attacks
Source: Hackmageddon
4 months later …December 2014
3. DoS/DDoS Attacks New Cyber Weapon of Choice
Cyber Attack Sophistication Is Increasing
• Lower bandwidth attacks occur more
frequently, last longer, evade detection
- Overwhelm servers, take down site
• Multi-vector campaigns
- Booter services
- Dark DDoS attacks (smokescreens)
- Distract victims, other attacks infiltrate
corporate networks
- DDoS-as-a-Service business model
- Botnets for hire, $6/month
Source: Akamai; Imperva
4. The Industry Hit List
Drivers: the rise of the Internet of Things,
web vulnerabilities and botnet building
Choice Targets
• Competitive industries, e.g. gaming
• SaaS platforms, e.g. healthcare data
• Multi-tenant platforms: attacks on one
tenant impact all other tenants
Source: Akamai
20% of DDoS attacks last over 5 days
The longest attack in 2015 lasted 64 days
5. Lightning Often Strikes More Than Twice
50% of North American and European
companies have been attacked
• 83% of companies attacked repeatedly
• Star Trek Online (STO) – 3 times, Sept ‘15
• Neverwinter Online – 3 times, Sept ‘15
• 54% attacked 6+ times annually
• Rutgers Univ – 6 times in 2015
• 25% experienced theft of data or funds
• U.S. FTC has reached settlements with 50+
companies over poor data security practices
Source: Akamai
Losses greater than 30,000 records
Source: Neustar and The Ponemon Institute
6. Where Are the Attacks Taking Place?
The 7 Layers of the OSI Model
Session attacks typically defeat
conventional firewalls
Source: Akamai
Infrastructure-layer DDoS attacks
outnumber application-layer attacks 9-to-1
Source: Akamai
7. • 88% of application-based attacks came
over HTTP
• 15% of organizations reported attacks
targeting Web application login pages
on a daily basis
• UDP fragments becoming the largest
portion of network layer attack traffic
Source: Akamai
Significant Attack Vectors Have Emerged
8. The Simple Service Discovery Protocol (SSDP)
- Top Infrastructure-based Attack Vector
SSDP comes pre-enabled on millions of
devices – routers, media servers, web cams,
smart TVs, printers, automobiles
Allows devices to discover each other on a
network, establish communication, coordinate
activities
Attackers are armed with a list of vulnerable
devices; use them as reflectors to amplify a
DDoS attack
SSDP accounted for more than
20% of attack vectors in 2015
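Added example (not from the webinar or TierPoint): a small Python detector for the two halves of the multi-vector campaign this deck describes, unsolicited SSDP responses (UDP source port 1900) arriving from reflectors the protected host never queried, and a burst of POSTs to a login page in the web access log. The flow records, log lines, IP addresses and thresholds are constructed for illustration, and time windowing is left out.

```python
import re
from collections import defaultdict

# Constructed NetFlow-style records: (ts, src_ip, src_port, dst_ip, dst_port, proto, bytes).
# UDP *from* source port 1900 is an SSDP response; a host that never sent M-SEARCH should not get one.
FLOWS = [
    (100, "198.51.100.5", 40001, "203.0.113.7", 1900, "udp", 120),   # legitimate outbound M-SEARCH
    (101, "203.0.113.7", 1900, "198.51.100.5", 40001, "udp", 400),   # its solicited answer
    (102, "192.0.2.11", 1900, "198.51.100.5", 53204, "udp", 1460),   # unsolicited reflections
    (102, "192.0.2.12", 1900, "198.51.100.5", 53204, "udp", 1460),
    (103, "192.0.2.13", 1900, "198.51.100.5", 53204, "udp", 1460),
    (103, "192.0.2.14", 1900, "198.51.100.5", 53204, "udp", 1460),
]

# Constructed web access-log lines (common log format) for the same victim.
ACCESS_LOG = [
    '192.0.2.21 - - [01/Dec/2015:10:00:01 +0000] "POST /login HTTP/1.1" 401 512',
    '192.0.2.21 - - [01/Dec/2015:10:00:02 +0000] "POST /login HTTP/1.1" 401 512',
    '192.0.2.30 - - [01/Dec/2015:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '192.0.2.21 - - [01/Dec/2015:10:00:03 +0000] "POST /login HTTP/1.1" 401 512',
    '192.0.2.22 - - [01/Dec/2015:10:00:03 +0000] "POST /login HTTP/1.1" 401 512',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def unsolicited_ssdp(flows, victim):
    """Map reflector IP -> bytes of UDP/1900-sourced traffic sent to victim
    by sources the victim never sent an M-SEARCH to."""
    asked = {f[3] for f in flows if f[1] == victim and f[5] == "udp" and f[4] == 1900}
    hits = defaultdict(int)
    for _ts, src, sport, dst, _dport, proto, nbytes in flows:
        if dst == victim and proto == "udp" and sport == 1900 and src not in asked:
            hits[src] += nbytes
    return dict(hits)

def login_flood_sources(lines, path="/login", min_hits=3):
    """Map client IP -> POSTs to the login page, keeping only clients at or above min_hits."""
    per_ip = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(2) == "POST" and m.group(3) == path:
            per_ip[m.group(1)] += 1
    return {ip: n for ip, n in per_ip.items() if n >= min_hits}

def multi_vector_alert(flows, lines, victim, min_reflectors=3):
    """Report the network-layer and application-layer signals separately and combined."""
    ssdp = len(unsolicited_ssdp(flows, victim)) >= min_reflectors
    app = bool(login_flood_sources(lines))
    return {"ssdp_reflection": ssdp, "login_flood": app, "multi_vector": ssdp and app}
```

The solicited answer from 203.0.113.7 is excluded because the victim's own outbound M-SEARCH to it is in the flow data, which is the check that separates reflection traffic from normal SSDP use.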
9. Attackers Quickly Strike Back
Attackers are continually developing new attack
vectors that defeat mitigation tools
They respond in days / hours after mitigation tools
are deployed
Meaning businesses face two chief challenges:
• The increasing complexity of security, i.e.
multi-pronged nature of the attacks
• Speed at which attackers adapt to new
mitigation tools
10. Compromise Takes Minutes, Discovery Takes Longer
Source: Radware
The cost of DDoS attacks
• Average $40K per hour
• 32% of companies would
lose over $100K revenue
per hour of attack
• 11% of US companies would
lose $1 Million+ revenue
per hour of attack
Source: Neustar
1 in 5 companies were told of attacks by
customers, partners, other 3rd parties
14. Fight Back – Advice #1
Don’t assume your company is not a target
Bake DDoS mitigation into your business
resiliency planning
Understand that no two DDoS attacks are
exactly alike
Ensure buy-in from ALL C-suite executives
15. Fight Back – Advice #2
Protecting your data is not the same as
protecting your business
Also review your current investments in
system integrity and operational
availability
Then gauge the increase required to
ensure appropriate protection
16. Fight Back – Advice #3
You can’t defend against attacks you can’t
detect
Understand your vulnerabilities in today’s
distributed environments
17. Fight Back – Advice #4
Evaluate DDoS protection solutions
Consider a hybrid approach of layered
DDoS defenses: always on, on-premise
hardware blocking plus cloud-based traffic
scrubbing
18. Fight Back – Advice #5
Know your limitations
Enlist specialists that have the expertise
to help you fight and win
19. > Submit your question via webinar
chat box
> Email the Event Moderator post-
event
– If we can’t get to your question on the
call, we’ll respond promptly via email:
Sue.Lawrence-Longo@tierpoint.com
20. Webinars On Demand…
> Visit our website to view any of our previous webinars on demand
(Resources > Library > Webinars):
– Cloud Security Myths
– When Virtualization Meets Infrastructure: A Business Transformation Story
– BYOD: Is This Exploding Trend a Security Time-Bomb?
– How to Investigate Your Cloud Provider’s Security Capabilities
– How to Position Cloud ROI
– Mitigate Risk with Hybrid DR in the Cloud
– 7 Smart Metrics to Calculate Cloud ROI
– Cloud, Colo or Hybrid - Top 4 Considerations