CYBER THREAT
DNS FLOOD - DDOS ATTACK
DDOS ATTACK
• What is a DDOS attack
• A Distributed Denial of Service attack, also referred to as DDOS, is an attack that brings down the online service of a system by overloading it with requests or pings
• Types of DDOS
• Volume based
• Protocol based
• Application based
DDOS – DNS FLOOD ATTACK
• The attacker targets the DNS (Domain Name System) server of an organization or a geographical zone in order to exhaust its resources
• Queries from legitimate users to the DNS server are no longer resolved, resulting in a denial of service
MIRAI BOTNET
MELBOURNE IT – DDOS ATTACK
MIRAI BOTNET
1. Scanning phase
2. Brute Force
3. Report Server
4. Malware Infection
5. Deleting Presence
6. Execution - Attack
7. After Attack
MIRAI BOTNET
Scanning phase
The first stage is to scan the IP addresses of potential victim systems: the attacker pings random IP addresses to find the ones that respond.
BRUTE FORCE
Here Mirai tries to brute force the victim devices using default passwords, mostly on IoT devices
REPORT SERVER & MALWARE INFECTION
Once Mirai has successfully logged in for the first time, it scans the system and sends its IP and the user credentials to the report server
REPORT SERVER & MALWARE INFECTION
The loader program asynchronously infects these vulnerable devices by
• Logging in
• Determining the system environment, and
• Finally downloading and executing the architecture-specific malware
MIRAI – DELETING PRESENCE
• Mirai tries to conceal its presence after infecting the device
• It deletes the downloaded binary and obfuscates its process name into a pseudorandom alphanumeric string.
ATTACK - MIRAI
Once the zombie machine is created, the two major steps of the attack are
• Zombie machine setup: networking is initialised and a PF_INET TCP socket is opened on port 48101 to listen for network traffic
• When the attack is launched, it telnets to the client and starts FLOODING
AFTER ATTACK
• Mirai uses Telnet to communicate with the C2 server, so after the attack is launched it kills other processes bound to TCP/22 or TCP/23, as well as processes associated with competing bot infections
• It also simultaneously scans for new victims
DEFENSE & FORENSIC
MIRAI Prevention and Mitigation
FIVE STAGES OF DEFENSE
Training and process play a very important role in defending against any cyber attack. In the case of the Mirai botnet, Mirai leaves signatures, and an admin who is aware of them and follows a proper procedure can identify the malware:
• Any Linux ELF file that has a folder named /watchdog/
• Any directory with the name /dvrHelper
• Block TCP port 48101
Blocking Access
Awareness
FIVE STAGES OF DEFENSE
• DNS Detection
• DNS logs must be examined for any abnormalities; as shown in the graph, any spike should be examined
• Drop quick retransmissions – a legitimate client will not send the same query again so soon. RFC 1034 and RFC 1035 suggest that if a retransmission comes from the same source it must be dropped
Blocking Access
Awareness
Finding Adversaries
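As an added example that is not part of the original deck, the following Python runs the two checks from this slide over constructed DNS log lines: it flags time windows whose query count spikes, and it separates out quick retransmissions of the same query from the same source so they can be dropped. The log line layout, the window size and the hold time are assumptions.

```python
"""Spike and quick-retransmission checks over a DNS query log."""
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Tuple


class Query(NamedTuple):
    ts: datetime
    src: str
    qname: str
    qtype: str


# Constructed sample log (not real traffic). The layout
# "<ISO timestamp> <client ip> <qname> <qtype>" is an assumption about the resolver's log format.
SAMPLE_LOG = """\
2024-05-01T10:00:00 192.0.2.10 www.example.com A
2024-05-01T10:00:00 192.0.2.10 www.example.com A
2024-05-01T10:00:01 192.0.2.10 www.example.com A
2024-05-01T10:00:01 198.51.100.7 mail.example.com MX
2024-05-01T10:00:02 192.0.2.10 www.example.com A
2024-05-01T10:00:03 192.0.2.10 www.example.com A
2024-05-01T10:00:09 198.51.100.7 mail.example.com MX
2024-05-01T10:00:30 203.0.113.5 ns.example.com A
"""


def parse_log(text: str) -> List[Query]:
    """Parse log lines (assumed to be in time order); malformed lines are skipped, not fatal."""
    queries: List[Query] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # Normalise the name so "WWW.example.com." and "www.example.com" compare equal.
        queries.append(Query(ts, parts[1], parts[2].lower().rstrip("."), parts[3].upper()))
    return queries


def spike_windows(queries: List[Query], window_seconds: int = 5,
                  threshold: int = 4) -> List[Tuple[str, int]]:
    """Count queries per fixed window measured from the first query; windows above the
    threshold are the spikes an analyst should examine. Returns (window start, count)."""
    if not queries:
        return []
    epoch = queries[0].ts
    counts: Counter = Counter()
    for q in queries:
        offset = int((q.ts - epoch).total_seconds()) // window_seconds * window_seconds
        counts[epoch + timedelta(seconds=offset)] += 1
    return [(start.isoformat(), n) for start, n in sorted(counts.items()) if n > threshold]


def split_quick_retransmissions(queries: List[Query], hold_seconds: int = 5
                                ) -> Tuple[List[Query], List[Query]]:
    """Separate queries into (accepted, dropped). A repeat of the same
    (source, qname, qtype) within hold_seconds of the last accepted copy is a quick
    retransmission and is dropped; the accepted copy's time stays the reference point."""
    last_accepted: Dict[Tuple[str, str, str], datetime] = {}
    accepted: List[Query] = []
    dropped: List[Query] = []
    hold = timedelta(seconds=hold_seconds)
    for q in queries:
        key = (q.src, q.qname, q.qtype)
        prev = last_accepted.get(key)
        if prev is not None and q.ts - prev < hold:
            dropped.append(q)
        else:
            accepted.append(q)
            last_accepted[key] = q.ts
    return accepted, dropped


def top_sources(queries: List[Query], n: int = 3) -> List[Tuple[str, int]]:
    """Busiest client addresses: the first place to look once a spike window is flagged."""
    return Counter(q.src for q in queries).most_common(n)


if __name__ == "__main__":
    qs = parse_log(SAMPLE_LOG)
    print("spike windows:", spike_windows(qs))
    kept, dropped = split_quick_retransmissions(qs)
    print(f"accepted {len(kept)} queries, dropped {len(dropped)} quick retransmissions")
    print("top sources:", top_sources(qs))
```

The hold time is a tunable: a recursive resolver or NAT gateway that forwards for many clients will legitimately repeat queries faster than a single client, so examine those sources before dropping their traffic.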
FIVE STAGES OF DEFENSE
• Mirai Vulnerability Scanner
• A simple yet powerful tool to identify Mirai vulnerability, provided by Incapsula
• Cisco NetFlow – a powerful tool to monitor network traffic by fields such as:
• Source IP address
• Destination IP address
• Source port
• Destination port
• Layer 3 protocol
• TOS byte
• Input interface
Blocking Access
Awareness
Finding Adversaries
Protecting Target Access
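An added example, not from the original deck: the seven NetFlow fields listed on this slide modelled as flow records and used for three defender-side checks, namely TCP flows touching port 48101 (the port the deck says to block), the heaviest UDP/53 senders toward the resolver, and sources fanning out across many hosts on TCP/23. The CSV layout, addresses and thresholds are constructed assumptions.

```python
"""Flag Mirai-related activity in NetFlow-style flow records."""
import csv
import io
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

TCP, UDP = 6, 17  # layer 3 protocol numbers


class Flow(NamedTuple):
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int   # layer 3 protocol
    tos: int     # TOS byte
    in_if: str   # input interface


# Constructed flow export (not real traffic) carrying the seven fields from the slide.
# The CSV layout is an assumption; a real export would come from a NetFlow collector.
SAMPLE_FLOWS = """\
src_ip,dst_ip,src_port,dst_port,proto,tos,in_if
10.0.0.21,203.0.113.9,51000,23,6,0,eth1
10.0.0.21,203.0.113.10,51001,23,6,0,eth1
10.0.0.21,203.0.113.11,51002,23,6,0,eth1
198.51.100.4,10.0.0.21,40000,48101,6,0,eth0
192.0.2.77,10.0.0.53,33001,53,17,0,eth0
192.0.2.77,10.0.0.53,33002,53,17,0,eth0
192.0.2.77,10.0.0.53,33003,53,17,0,eth0
192.0.2.77,10.0.0.53,33004,53,17,0,eth0
198.51.100.8,10.0.0.53,50000,53,17,0,eth0
10.0.0.5,10.0.0.53,40001,53,17,0,eth1
"""


def parse_flows(text: str) -> List[Flow]:
    """Read the CSV export; rows with missing or non-numeric fields are skipped, not fatal."""
    flows: List[Flow] = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            flows.append(Flow(row["src_ip"], row["dst_ip"], int(row["src_port"]),
                              int(row["dst_port"]), int(row["proto"]), int(row["tos"]),
                              row["in_if"]))
        except (KeyError, ValueError):
            continue
    return flows


def control_port_flows(flows: List[Flow], port: int = 48101) -> List[Flow]:
    """TCP flows touching the port the slides say an infected device listens on.
    Any hit involving an internal host deserves a look, and the port itself is what
    the deck advises blocking at the perimeter."""
    return [f for f in flows if f.proto == TCP and port in (f.src_port, f.dst_port)]


def dns_top_talkers(flows: List[Flow], dns_server: str,
                    threshold: int = 3) -> List[Tuple[str, int]]:
    """Sources with more than threshold UDP/53 flows to the resolver in this export;
    a DNS flood shows up here as a few sources far above everyone else."""
    counts = Counter(f.src_ip for f in flows
                     if f.proto == UDP and f.dst_port == 53 and f.dst_ip == dns_server)
    return [(src, n) for src, n in counts.most_common() if n > threshold]


def telnet_scanners(flows: List[Flow], min_targets: int = 3,
                    in_if: Optional[str] = None) -> List[str]:
    """Sources contacting at least min_targets distinct hosts on TCP/23: the scanning and
    brute-force stage seen from the flow side. in_if narrows the check to one input interface."""
    targets: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        if in_if is not None and f.in_if != in_if:
            continue
        if f.proto == TCP and f.dst_port == 23:
            targets[f.src_ip].add(f.dst_ip)
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)


if __name__ == "__main__":
    fl = parse_flows(SAMPLE_FLOWS)
    print("TCP/48101 flows:", control_port_flows(fl))
    print("DNS top talkers:", dns_top_talkers(fl, "10.0.0.53"))
    print("telnet scanners:", telnet_scanners(fl))
```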
FIVE STAGES OF DEFENSE
DDOS Mitigation plans
• Geographic infrastructure diversity
• Hybrid cloud infrastructure
• Multiple WAN entry points for large enterprises, and help from the ISP to re-route the traffic
• Get help from experts
Blocking Access
Awareness
Finding Adversaries
Protecting Target Access
Mitigation Plans
DDOS ATTACK - MIRAI BOTNET