© 2016 Imperva, Inc. All rights reserved.
Cyber Attack Trends
Ben Herzberg
@KernelXSS @imperva
about()
> ben.childNodes.length
<· 2
> ben.history
<· ["PT", "Dev"]
> ben.employer
<· "Imperva"
> ben.positionX
<· "Research Group Manager"
> ben.social
<· {"TWT": "@KernelXSS", "LNK": "Ben Herzberg"}
DoS / DDoS Attacks
WHAT'S DDOS (IN 6 SECONDS)
Volumetric Attacks
Layer 7 Attacks
WHY?
Lately…
IoT DDoS through the (very recent) history
Mirai
20-SEP-2016
OVH Attack
21-OCT-2016
Dyn DNS DDoS
5-DEC-2016
INVESTIGATED IoT DDoS BEFORE IT WAS COOL
IoT DDoS through the (very recent) history
Timeline figure (labels and dates as shown on the slide): Mirai, OVH Attack, SOHO Routers, CCTV DDoS, Dyn DNS DDoS …; 30-DEC-2014, 21-OCT-2015, 20-SEP-2016, 21-OCT-2016, 5-DEC-2016. Credit: @ZAvishh
Why use IoTs 4 DDoS?
                      IoT   PC
internet connection    V    V
code execution         V    V
scanability            V    X
hackability            V    X

(V = yes, X = no)
The case of Mirai
// CNC database code: the query string is split across lines on the slide,
// so the literals are joined with "+" here to keep it valid Go
func (this *Database) CreateUser(username string, password string, max_bots int, duration int, cooldown int) bool {
    ...
    this.db.Exec("INSERT INTO users (username, password, max_bots, admin, " +
        "last_paid, cooldown, duration_limit) " +
        "VALUES (?, ?, ?, 0, UNIX_TIMESTAMP(), ?, ?)",
        username, password, max_bots, cooldown, duration)
    return true
}
// table.h: obfuscated string-table entries the killer module looks for in
// other processes' memory to terminate rival malware (qbot, zollard, a UPX
// header marker, ".anime"); the slide omits the numeric table indices
#define TABLE_MEM_QBOT      // REPORT %s:%s
#define TABLE_MEM_QBOT2     // HTTPFLOOD
#define TABLE_MEM_QBOT3     // LOLNOGTFO
#define TABLE_MEM_UPX       // \x58\x4D\x4E\x4E\x43\x50\x46\x22
#define TABLE_MEM_ZOLLARD   // zollard
#define TABLE_KILLER_ANIME  // .anime

// killer.c: close the device's remote-management services so that neither
// the owner nor a competing bot can get back in
killer_kill_by_port(htons(23)); // Kill telnet service
killer_kill_by_port(htons(22)); // Kill SSH service
killer_kill_by_port(htons(80)); // Kill HTTP service
void attack_tcp_syn(uint8_t targs_len, struct attack_target *targs, …)
void attack_tcp_ack(uint8_t targs_len, struct attack_target *targs, …)
void attack_tcp_stomp(uint8_t targs_len, struct attack_target *targs, …)

void attack_udp_generic(uint8_t targs_len, struct attack_target *targs, …)
void attack_udp_plain(uint8_t targs_len, struct attack_target *targs, …)
void attack_udp_dns(uint8_t targs_len, struct attack_target *targs, …)

void attack_gre_ip(uint8_t targs_len, struct attack_target *targs, …)
void attack_gre_eth(uint8_t targs_len, struct attack_target *targs, …)

void attack_app_http(uint8_t targs_len, struct attack_target *targs, …)
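To give this list of attack vectors a defender's counterpart, here is an added example (my code, not the deck's or Mirai's) that labels aggregated flow records by the Mirai vector they most resemble: SYN vs ACK by dominant TCP flags, GRE by protocol, and DNS water torture by the random-label pattern attack_udp_dns produces. The flow format, the sample records and the 1000-packet window threshold are assumptions made for the demo.

```python
"""Label traffic bursts by the Mirai attack vector they resemble.

Added example (not code from the deck or from Mirai); record format and
thresholds are assumptions made for this demo.
"""
from collections import Counter, defaultdict

# Constructed sample flow records (not real traffic), one aggregated flow
# per line: src dst proto dst_port tcp_flags packets dns_qname
# ("-" marks a field that does not apply to the protocol).
SAMPLE_FLOWS = """\
10.0.0.1 203.0.113.5  tcp 80  S  400  -
10.0.0.2 203.0.113.5  tcp 80  S  380  -
10.0.0.3 203.0.113.5  tcp 80  S  420  -
10.0.0.4 203.0.113.9  udp 53  -  400  kq1z8.example.net
10.0.0.5 203.0.113.9  udp 53  -  410  x9ab3.example.net
10.0.0.6 203.0.113.9  udp 53  -  390  p0ou7.example.net
10.0.0.7 203.0.113.12 gre 0   -  1500 -
10.0.0.8 203.0.113.20 tcp 443 A  1200 -
10.0.0.9 203.0.113.30 tcp 80  PA 5    -
"""


def parse_flows(text):
    """Parse the whitespace-separated records above into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        src, dst, proto, port, flags, packets, qname = line.split()
        flows.append({"src": src, "dst": dst, "proto": proto,
                      "port": int(port), "flags": flags,
                      "packets": int(packets), "qname": qname})
    return flows


def looks_like_water_torture(dns_flows):
    """Mirai's attack_udp_dns prepends a random label to one victim domain,
    so the queries share a parent domain but almost never repeat a name."""
    parents = {f["qname"].partition(".")[2] for f in dns_flows}
    names = {f["qname"] for f in dns_flows}
    return len(parents) == 1 and len(names) / len(dns_flows) > 0.8


def classify_targets(flows, min_packets=1000):
    """Group flows by destination; for each destination over the packet
    threshold, name the Mirai vector the traffic mix most resembles."""
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[f["dst"]].append(f)

    verdicts = {}
    for dst, fl in by_dst.items():
        total = sum(f["packets"] for f in fl)
        if total < min_packets:
            continue  # below the window threshold: ordinary traffic
        proto_pkts = Counter()
        for f in fl:
            proto_pkts[f["proto"]] += f["packets"]
        proto = proto_pkts.most_common(1)[0][0]
        if proto == "gre":
            verdict = "gre_ip/gre_eth flood"
        elif proto == "udp":
            dns = [f for f in fl if f["port"] == 53 and f["qname"] != "-"]
            if dns and looks_like_water_torture(dns):
                verdict = "udp_dns (water torture)"
            else:
                verdict = "udp_generic/udp_plain flood"
        elif proto == "tcp":
            flag_pkts = Counter()
            for f in fl:
                flag_pkts[f["flags"]] += f["packets"]
            top_flags = flag_pkts.most_common(1)[0][0]
            if top_flags == "S":
                verdict = "tcp_syn flood"
            elif top_flags == "A":
                verdict = "tcp_ack flood"
            else:
                verdict = "possible tcp_stomp/app_http (inspect L7 logs)"
        else:
            verdict = "unclassified volumetric burst"
        verdicts[dst] = {"packets": total,
                         "sources": len({f["src"] for f in fl}),
                         "verdict": verdict}
    return verdicts
```

Running `classify_targets(parse_flows(SAMPLE_FLOWS))` labels 203.0.113.5 as a SYN flood from three sources, 203.0.113.9 as DNS water torture and 203.0.113.12 as a GRE flood, while the low-volume 203.0.113.30 is left out.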
// attack_app.c: the HTTP flood module reads the target's Server response
// header to recognise a DDoS-mitigation layer in front of the site
#define TABLE_ATK_DOSARREST        45 // "server: dosarrest"
#define TABLE_ATK_CLOUDFLARE_NGINX 46 // "server: cloudflare-nginx"

if (util_stristr(generic_memes, ret,
                 table_retrieve_val(TABLE_ATK_CLOUDFLARE_NGINX, NULL)) != -1)
    conn->protection_type = HTTP_PROT_CLOUDFLARE;

if (util_stristr(generic_memes, ret,
                 table_retrieve_val(TABLE_ATK_DOSARREST, NULL)) != -1)
    conn->protection_type = HTTP_PROT_DOSARREST;
Industry Challenges for 2018
“Secure by default”
TMI
Timeline figure (labels and years as shown on the slide): Antivirus, Firewall, WAF, IPS, NOW (?); 1987, 1992, 1999.
Host IDS/IPS, Database Access Management, Network Anomaly Detection, Threat Intelligence Sharing, MDM, DDoS Mitigation, Cloud Access Security Broker, Identity Management, Threat Containment Solutions, Forensic Kits, Honeypots, Decoys, Automated Vulnerability Assessment, File Access Management, Patch Inventory Management, Device Control Management, Network Access Control, Database Firewalls, Data Vaults
DDoS Trends
Over 6,000,000,000 Smart-Phones By 2020
The growing prevalence of IoTs
Source: Ericsson Mobility Report; June 2016.
IoT botnets NG
• Improving the C2 functionality:
  • DGA
  • P2P
• Different spreading techniques
  • TR-069 vulnerabilities
  • Windows as a relay
• Non-DDoS botnets
  • Bitcoin mining
  • SPAM spreading
  • Bruteforcing
• IoT vigilantes - Hajime
Image credits: www.mobihealthnews.com
How do we do that?
Small Data is the new BigData
“SecOps”
Config: Less is More
Sometimes Cloud is the Security
@KernelXSS, @imperva
Thank You!
Thank you very much
linkedin.com/in/sysadmin
ben.herzberg@imperva.com
