Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The Stakes Have Changed – The Changing Security Landscape by Tony Teo

178 views

Published on

Security Landscape from Arbor. More info www.mynog.org

Published in: Data & Analytics
  • Be the first to comment

  • Be the first to like this

The Stakes Have Changed – The Changing Security Landscape by Tony Teo

  1. 1. The Stakes Have Changed The Changing Security Landscape
  2. 2. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY bor Security Engineering Respond Team (ASERT) : ATLAS Senso 330+ Service Provider / ISP ~ 98% ASN Traffic Statistics ~ 50% Coverage of National CERT teams 2.63B unique IPv4 addresses ( ~71% theoretical) ASERT monitors 1.76M “dark” IPv4 addresses 140+ Tbps ( Around 33% of Daily World Internet Traffic )
  3. 3. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY of DDoS Attacks
  4. 4. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY •  Largest attack reported was 800 Gbps with other respondents reporting attacks of 600 Gbps, 550 Gbps, and 500 Gbps •  One third of respondents report peak attacks over 100Gbps •  41% of EGE respondents and 61% of data-center operators reported attacks exceeding their total Internet capacity DoS Attacks Increasing in Size
  5. 5. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY orldwide DDoS Attack (Past Year) – Largest DDoS
  6. 6. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY alaysia DDoS Attack (Past Year) – Largest DDoS
  7. 7. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY alaysia DDoS Attack (Past Year) – Total DDoS
  8. 8. ©2016 ARBOR® CONFIDENTIAL & PROPRIETARY DoS Extortion – Recent Malaysia Attacks
  9. 9. ©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ~ 1Tbps
  10. 10. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 2016 IOT Botnet DDoS Attacks mmer, 2016 – 540 Gbps attack on an organization associated with the Rio Olympics (Lizardstresser) ptember 20th – 620 Gbps attack targeting KrebsOnSecurity.com (Mirai) ptember 21st – 990 Gbps attack targeting OVH (Mirai) ober 21st – Dyn’s Managed DNS Infrastructure Targeted (Mirai) ober 31st – 600 Gbps attack on Liberia (Mirai)
  11. 11. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY
  12. 12. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY ATLAS IoT Botnet tracking Country Number of Attempts China 102,975 Vietnam 26,573 Republic of Korea 19,465 USA 17,062 Brazil 16,609 Russia 13,378 Taiwan 11,697 Hong Kong 11,200 Turkey 10,190 Romania 9,856 AS 3462 13% AS 4766 8% AS 7552 7% AS 18403 6% AS 4837 5% AS 9829 4% AS 24086 4% AS 24560 3% others 26% Login attempts by APAC ASN
  13. 13. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY Scale: Driving Factors, Reflection Amplification •  Reflection Amplification attacks continue but there has been some cyclic change i the protocols favored by attackers. •  Strong growth in the use of DNS (again) through 2016 •  Largest monitored attack of 498.3Gbs, a 97% jump from last year –  DNS and NTP attacks over 400Gbps, Chargen over 200Gbps
  14. 14. ©2016 ARBOR® CONFIDENTIAL & PROPRIETARY 1 Every 6 Seconds DDoS Attacks ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY
  15. 15. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY requency : Up Across the Board •  53% of SPs see more than 51 attacks per month, up from 44% •  21% of data-centers see more than 50 attacks per month, up from 8% •  45% of EGE see more than 10 attacks per month, up from 28% •  ATLAS is tracking 135,000 Volumetric attacks per week. EGE
  16. 16. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY ◦  Increased availability of “Stresser Tools”/”Booters” which perform highly distributed attacks using a combination of non-spoofed and spoofed amplification attacks. Often linked to bot-farms. ◦  Development of tools for use by voluntarily opt-in attackers: ‒  Low Orbit Ion Cannon used to perform non-spoofed UDP/ICMP attacks ‒  High Orbit Ion Cannon sends non- spoofed HTTP requests against multiple sites equency - Weaponization of DDoS
  17. 17. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY Frequency - DDoS tools for the masses ◦  Anyone which has the capability to click a button can now launch an DDoS attack. ◦  Cheap and simple to use: ‒  VIP accounts! ‒  Lifetime subscription! ‒  24x7 customer support! ◦  Primarily used by gamers attacking each other but recently we have bee seeing them used to attack highly visible targets.
  18. 18. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY Complexity : EGE Attack Types
  19. 19. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY IREWALL, IPS, LOAD BALANCER FAIL TO STOP DDOS TTACKS Source: Arbor Networks Annual Worldwide Infrastructure Security Report Y2015 Y2012 Y2014 Y2013 43% Y2016
  20. 20. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY TATE EXHAUSTION DDOS ATTACK DATA CENTER Attack Traffic Good Traffic Full !!
  21. 21. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY TATEFUL DEVICE ?
  22. 22. ©2016 ARBOR® CONFIDENTIAL & PROPRIETARY DDoS Targets
  23. 23. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY mpact : Enterprise •  Reputation/brand damage and operational expense most commonly cited business impacts by EGE respondents –  Increase from 36% to 48% experiencing brand damage •  59% of EGE respondents estimate downtime cost of > $500/min. •  Majority estimate cost of a major attack below $10K, some estimate over $1M
  24. 24. ©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Thank You Tony Teo – tteo@arbor.net Director Sale Engineering, APJ Arbor Networks, a Netscout Company
  25. 25. ©2017 ARBOR® CONFIDENTIAL & PROPRIETARY

×