Trends in Web Attacks

Talk on "Trends in Web Attacks" by Arthur Clune.
See http://www.ukoln.ac.uk/web-focus/events/workshops/webmaster-2007/talks/clune/

  • Trends in Web Attacks

    1. Trends in Web Attacks. Arthur Clune [email_address]
    2. Talk Overview
       • History of (web) attacks
       • DDOS attacks and economics
       • Botnets
       • Phishing
       • Why do we care about this anyway?
    3. A Taxonomy
       • Defacement
       • Resource stealing
       • Denial of Service/DDOS
    4. History
    5. Prehistory
       • Before the web
         • ftp (anonymous ftp uploads)
         • gopher
         • backdoors
    6. Why?
       • Curiosity
       • Status
       • ‘Fame’
       • Disk space was expensive!
    7. Morris Worm
       • 1988
         • Not web based!
         • First self spreading worm
    8. Early Web
       • Individual attacks
       • Mainly motivated as before
    9. Trinoo/Stacheldraht
       • 1999
       • First large scale DDOS tool
       • University of York was among the victims!
    10. Code Red/Nimda
       • 2001
       • Caused extensive problems (network traffic/instability)
       • First really big worm
    11. SQL Slammer
       • 2003
         • Attacked Microsoft SQL Server
         • Fastest spreading worm ever
         • How many of your web sites rely on a database?
    12. Misc Stuff
       • Also at this time:
         • MS Frontpage extensions
           • Edit your webpage remotely…oh, but so can other people.
    13. Digression
       • Zone-h defacement archive demo
    14. Witty Worm
       • 2003
       • First worm aimed directly at a web server
         • MS IIS
       • Followed by Sasser
    15. Moving to webapps
       • First php worm - 2004
         • Attacked phpBB
       • It’s now most common to attack applications not webservers themselves
    16. Pure web worms
       • 2006
         • MySpace worm
           • Spread only within MySpace profiles
           • A ‘Web 2.0’ worm?
    17. Distributed Denial of Service: ‘Nice website you’ve got there. Shame if anything happened to it’
    18. DDOS - Why bother?
       • It’s not about the fame
       • Sometimes it’s about money
    19. DDOS II
       • How it works
       • Targets
         • Gambling
         • Porn
         • Anyone with money
    20. Botnets: 0wning the internet for fun and profit
    21. Botnets
       • Botnets are sets of machines, all controlled by a ‘bot herder’
       • Often machines are infected when visiting a website
       • Largest botnet found so far had > 1,000,000 machines in it
    22. Botnet example
       • Demo of botnet from UK Honeynet data
    23. Phishing: There’s one born every minute
    24. Phishing
       • Different types:
         • 401 scams
         • Bank scams
       • Some of these are very realistic
       • Banks don’t always help themselves
    25. Phishing 2
       • Example of a phishing attack from UK Honeynet data
    26. Am I bovered? Or, why this affects web managers
    27. How have things changed?
       • Attacks often less personal, but bigger
       • DDOS attacks can be too big to resist
       • Web servers valuable as a way of spreading exploit code
       • It’s not about fame anymore, but money
    28. How does this affect you?
       • Reputational loss
       • Potential for damages if you can’t show due care
       • Copyright violations on your servers
       • DDOS attacks against you
    29. What can we do?
       • Follow best practice
       • Occam’s razor - don’t multiply servers!
       • Code audit/review/pen-testing
       • Network design (DMZs, firewalls etc)
    30. Questions?
