Dennis Usle's presentation from SecureWorld Expo Atlanta discusses availability-based threats, attacks on U.S. banks, and other popular attack patterns and trends.
In the Line of Fire - The Morphology of Cyber-Attacks (Radware)
Presentation from Dennis Usle during TakeDownCon in Huntsville, AL, discussing availability-based threats, attacks on U.S. banks, and other popular attack patterns & trends.
From his series of presentations during SecureWorld and the iTech 2013 Conference, Radware Attack Mitigation Specialist David Hobbs presents “Survival in an Evolving Threat Landscape.” The discussion covers availability-based threats, attacks on U.S. banks, and other popular patterns & trends.
SecureWorld St. Louis: Survival in an Evolving Threat Landscape (Radware)
David Hobbs’ presentation from SecureWorld Expo - St. Louis discusses availability-based threats, attacks on U.S. banks, and other popular attack patterns & trends.
In the Line of Fire - the Morphology of Cyber Attacks (Radware)
David Hobbs’ presentation from his series of presentations during SecureWorld discusses availability-based threats, attacks on U.S. banks, and other popular attack patterns & trends.
Why Federal Systems are Immune from Ransomware... (& other Grim Fairy Tales) (BeyondTrust)
The Federal computing space has been relatively unscathed by ransomware attacks such as Petya, WannaCry, and others—but are Federal systems really that much better than their commercial counterparts?
In this presentation from his webinar, cybersecurity expert and SANS Institute Instructor G. Mark Hardy explores the myth of invulnerability and why Federal systems have appeared to dodge the ransomware bullet — so far. Although best practices go a long way, aging technology, legacy systems, and sheer size make the case for additional protection.
This presentation (and the webinar) also covers:
• Why a Cybersecurity Sprint can’t win a marathon
• How ransomware is evolving faster than we can defend
• Ways to identify potential vulnerabilities before they are exploited
• Seven tips for reducing the Federal attack surface
Catch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/federal-systems-immune-ransomware-grim-fairy-tales/
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre (Radware)
Is the world in the midst of a cyber-war? If so, what are the implications?
In this presentation Carl Herberger, Radware's VP of Security Solutions, explores some of the most notable recent cyber-attacks and how many of the findings correlate with the tenets of warfare as defined in The Art of War by Sun Tzu, the ancient military general, strategist and tactician.
How should organizations be preparing for an information security landscape that is shaped by ideologically motivated cyber warfare rather than just opportunistic cyber-crime? Learn the techniques being employed to safeguard IT operations in a theatre that is witnessing ever more sophisticated attacks.
For more on how to help detect, mitigate and win this cyber war battle, visit here: http://www.radware.com/ert-report-2013/ to download the 2013 Global Application and Network Security Report.
Exploring DDoS Attacks: Impact to Community Financial Institutions (Jay McLaughlin)
DDoS attacks have catapulted to the forefront of banking security news after the industry experienced a series of multi-phased attacks beginning in September 2012. Hackers launch DDoS attacks prompted by one of two common motives. Protest attacks, like OpUSA, target large, high-profile banks and are often launched for social or political purposes. Attacks on community banks are usually used as a distraction in conjunction with account takeover attacks. This event is designed to strengthen the awareness and defenses of participants. Jay McLaughlin, this session's presenter, fights cybercrime aimed at financial institutions on a daily basis as Q2ebanking's Chief Security Officer. Jay will break down conceptual and technical aspects of DDoS attack types, clarify the differing attacker motives, and discuss how community banks can build a layered security model to prevent DDoS attacks.
Thotcon 0x5 - Retroactive Wiretapping VPN over DNS (John Bambenek)
These are the slides of a talk by John Bambenek at THOTCON 0x5 in Chicago.
Imagine your first day at a client site and you spend your time figuring out what’s going on with the network. You query passive DNS and find large numbers of what appear to be VPN over DNS endpoints on your network. What starts as a simple incident investigation process sees the tables turned on those who used the protocol to hide their tracks. This talk will discuss reverse engineering VPN over DNS (vpnoverdns.com) and how weaknesses in the way DNS tunneling is used make it trivial to retroactively wiretap all communications over the protocol long after the fact.
Are we near the point of cyber-armageddon or are we simply engaged in a new reality of information security priorities? Are the attacks being discovered daily against private sector and public federal systems somehow unique and new, or are they simply the new reality of cyberspace? Organizations are regularly forced to make difficult decisions about how best to protect their information systems. Executives daily open the newspaper to find another example of effective cyber attacks and hacking. How do organizations know when security mechanisms are enough to keep their data safe? In an effort to answer this question and respond to mounting cyber incidents worldwide, the US federal government has been engaging in numerous efforts to secure cyberspace. But what are they and will they be enough? In this presentation James Tarala, a Senior Instructor with the SANS Institute and a Principal Consultant at Enclave Security, will describe current efforts and the tools being offered to help citizens and protect cyberspace.
Blackhat USA 2014 - The New Scourge of Ransomware (John Bambenek)
In March of this year, a Romanian man killed himself and his 4-year-old son because of ransomware he received after visiting adult websites. This "police impersonation" malware instructed him to pay a massive fine or else go to jail for 11 years. Ransomware isn't a new threat; however, it took on new life with CryptoLocker, the very first variant to perform encryption correctly, thus significantly inhibiting security researchers and their typical countermeasures. Due to its unique nature, CryptoLocker is one of the few current malware campaigns that spawned its own working group focused around remediation. As time progressed, other ransomware copycat campaigns emerged, some of which got media attention even though they were nothing but vaporware.
This talk will focus on what the threat intelligence community did in response to this threat, including the development of near-time tracking of its infrastructure and what can be learned in order to manage new threats as they emerge.
Is DNS a Part of Your Cyber Security Strategy?
Detecting malware, helping to prevent and disrupt command and control communication, ransomware and phishing attacks, being part of a data loss prevention program: DNS can help with this and much more, but are you leveraging it as part of your security controls and processes? DNS is the perfect choke point not just to stop data exfiltration through it, but also to detect and stop malware from spreading and executing.
In this session, you'll learn:
• The value of DNS as part of your cyber strategy
• How DNS can provide your SIEM with actionable intelligence
• How DNS can add value to other security controls, such as vulnerability scanners and endpoint protection
Join Infoblox for a discussion on this often overlooked topic.
The Qrator and Wallarm 2016 State of Network Security report is dedicated to the main events and strong trends in the network security industry. Particular attention is paid to DDoS, Internet infrastructure, hacks, and vulnerabilities in software and hardware, such as connected devices.
How do hackers automate? What do they automate? And most importantly: How can security teams block automated attacks? The latest Hacker Intelligence Initiative from Imperva's Application Defense Center will help you answer these questions and many more.
2012 Global Application and Network Security Report (Radware)
Prepared by Radware’s Emergency Response Team (ERT), the 2012 Global Application and Network Security Report highlights server-based botnets and encrypted-layer attacks as just two of the new attack tools challenging organizations during DDoS attacks. Most recently, these tactics were leveraged by perpetrators in the attacks against U.S. financial institutions that have been ongoing since September 2012.
2011 Global Application and Network Security Report (Radware)
The 2011 Radware Global Application & Network Security Report is an informative and practical compilation of security findings providing a view of the state of cyber security worldwide.
An Important Notice About Shellshock Bash Protection
Since the news about “Shellshock Bash” vulnerabilities came out, we have been working around the clock to ensure our customers and partners are getting the best solutions from us. We have published this Shellshock Security Advisory, which will help protect your business with:
• Two IPS signatures that can be used by DefensePro to block attacks exploiting the vulnerability
• Recommendations provided by Radware’s Emergency Response Team (ERT) that can be applied immediately
• Recommended reference sources and vendor information
Radware's team of cyber-security experts is available to our customers, 24/7. Contact us if you require immediate support for this vulnerability. We assure you that we continue to closely monitor the situation in order to ensure we provide you with the best cyber-attack protection mechanisms.
The enterprise perimeter is disappearing. Migration to the cloud means a more distributed network infrastructure. The transition of web-based applications to the cloud renders on-premise mitigation tools ineffective against web attacks and requires organizations to protect applications both on-premise and in the cloud.
Introducing Radware's Hybrid Cloud WAF Service - a fully managed, always-on service that integrates cloud-based with on-premise protection against a broad range of attack vectors.
Visit here http://www.radware.com/social/hybridcloudwaf/ to read "The Dawn of Hybrid Cloud WAF" and to learn how the industry's first hybrid cloud-based WAF service addresses today's most challenging web-based cyber-attacks.
SecureWorld: Information Security Adaption: Survival In An Evolving Threat L... (Radware)
Carl Herberger’s presentation during his series of SecureWorld events. Carl discusses the evolving threat landscape, the anatomy of an attack and securing tomorrow’s perimeter.
Eventually, every website fails. If it's a household-name site like Amazon, then news of that failure gets around faster than a rocket full of monkeys. That's because downtime hurts. As a for-instance, in 2013 Amazon suffered a 40-minute outage that allegedly cost the company $5 million in lost sales. That's a big number, and everybody loves big numbers.
But when it comes to performance-related losses, is it the biggest number?
In this presentation from the CMG Performance and Capacity 2014 conference, Radware Web Performance Expert Tammy Everts reviews real-world examples that compare the cost of site slowdowns versus outages. We also talk about how to overcome the challenges of creating as much urgency around the topic of slow time as there is around the topic of downtime.
Philippines Cybersecurity Conference 2021: The role of CERTs (APNIC)
APNIC Senior Security Specialist Adli Wahid spoke on the importance and role of CERTs in helping prevent cyber attacks at the Philippines Cybersecurity Conference 2021, held online from 13 to 29 October 2021.
The Art of Cyber War [From Black Hat Brazil 2014] (Radware)
With cyber-attacks becoming a growing concern for organizations, availability-based attacks, also known as Denial of Service or Distributed Denial of Service attacks, have long moved from a form of cyber protest to a destructive weapon that is used by cyber criminals, hacktivists and even governments.
In 2013 we saw a growing use of a new type of attack where attackers used legitimate transactions to saturate application servers’ resources. In this presentation, Security Expert Werner Thalmeier demonstrates how such an advanced attack can be created from a laptop running in an anonymous public WiFi network. He also evaluates the attack landscape and its impact on organizations, and shares best practices to protect against such cyber-attacks.
Understand the current availability-based threat landscape and learn about new types of cyber-attacks that are being used to saturate resources. For more information on the state of Application and Network Security, please visit: http://www.radware.com/ert-report-2013/
DoS / DDoS introduction
How easy it is to get information
Real-life examples: MyDoom, GitHub, Dyn; Windows Server and Windows 10 systems running Internet Information Services (IIS) vulnerable to denial-of-service (DoS) attacks
Basis of attacks
Types of DoS / DDoS
Attack tools: LOIC, XOIC, Stacheldraht
DoS/DDoS weaknesses
Categories of DoS / DDoS
What to defend?
Botnets and botnet mitigations
Michael Calce, a.k.a. MafiaBoy
Point of entrance / OSI model (if time permits)
When you're at the edge, speed, security, and server health cannot be an afterthought. In this session, Cloudflare’s VP of Product Sergi Isasi and Pavan Tirupati, Product Manager from WP Engine will discuss why having an edge-first mentality is essential to the success of each website you build or maintain.
Cybersecurity: Do You Have a Plan to Address Threats and Prevent Liability? (Codero)
Codero is an Infrastructure-as-a-Service provider that offers dedicated, cloud, managed and hybrid hosting services to over 3,400 domestic and international customers from three data center locations. We are at an interesting vantage point where we see all sorts of interesting things; this presentation is a ‘report from the field’ on cybersecurity from our position.
DNS is critical network infrastructure and securing it against attacks like DDoS, NXDOMAIN, hijacking and Malware/APT is very important to protecting any business.
The security experts from Cloudflare and WP Engine help you navigate the security landscape for your web infrastructure.
Register to watch the on-demand webinar: https://hs.wpengine.com/webinar-securing-web-infrastructure
Network and Application Security 2017. Prediction 2017 (Wallarm)
The Qrator and Wallarm 2016 State of Network Security report is dedicated to the main events and strong trends in the network security industry.
Particular attention is paid to the DDoS, internet infrastructure, hacks and vulnerabilities in software and hardware, like connected devices.
Nominum Data Science Security Report, Fall 2016 (Brian Metzger)
Nominum’s “Data Revelations” analyzes some of the biggest cyberthreats impacting organizations and individuals today, including ransomware, DDoS, mobile malware and IoT-based attacks. Since DNS is the launch point for over 90% of cyberattacks, it offers a superior vantage point from which to examine, understand, thwart and proactively prevent threats. By applying machine learning, artificial intelligence, natural language processing and neural networks, Nominum Data Science is able to predict and prevent some of the most sophisticated and dangerous cyberthreats to ever hit the internet.
Presentation by Charl van der Walt at INFO SEC Africa 2001.
The presentation begins with a case study of a DoS attack launched on a number of high-profile sites by the Canadian teen "Mafiaboy". An explanation of DoS and DDoS is given. The impact of DDoS in South Africa is also discussed. The presentation ends with a series of discussions on DDoS countermeasures.
DDosMon: A Global DDoS Monitoring Project, by Yiming Gong.
A presentation given at APNIC 42's FIRST TC Security Session (2) on Wednesday, 5 October 2016.
Similar to In the Line of Fire - the Morphology of Cyber Attacks
Cyber Security Through the Eyes of the C-Suite (Infographic) (Radware)
C-level executives are grappling with a new breed of cyber-attacks. How are they responding to ransom-based threats? Why are they turning to ex-hackers for help? Radware interviewed 200 IT executives in the U.S. and U.K. to find out.
What’s the Cost of a Cyber Attack (Infographic) (Radware)
How much does a cyber-attack actually cost an organization in hard dollars? What are the potential business impacts? This infographic answers these questions and more via two surveys Radware recently conducted of IT professionals.
The Expanding Role and Importance of Application Delivery Controllers [Resear... (Radware)
When it Comes to ADCs, Perception is Not Reality.
The Enterprise Strategy Group and Radware recently conducted a collaborative research project about the current use and future strategies of application delivery controllers (ADCs).
Based on a survey of 243 IT professionals, the research reveals that the role of ADCs has expanded well beyond the historical perception of hardware-based load balancers.
What’s most interesting is that ADCs are becoming a critical component of a defense-in-depth security strategy as enterprises fine-tune security policy and enforcement to align with their sensitive business applications. Organizations are also deploying ADCs as virtual appliances at an increasing rate and taking advantage of ADC functionality from the network through the application layer.
There is a lesson to be learned here: enterprise organizations can get creative with ADC deployments for performance tuning, application-specific services, and critical system protection. Read this research http://www.radware.com/social/esg-adc-research/ to understand the benefits of applying ADCs in this fashion.
The Cyber Attack landscape is evolving with new attack vectors and dangerous trends that can affect the security of your business. Some attacks can take only minutes to complete, yet months to be discovered.
Determine your attack risk and learn what to look for in a quality cyber attack defense.
Please visit here: http://www.radware.com/social/amn/ for information on Radware's AMN (Attack Mitigation Network).
Mobile Web Stress: Understanding the Neurological Impact of Poor Performance (Radware)
Slow pages hurt mobile user metrics, from bounce rate to online revenues and long-term user retention. At Radware, we wanted to understand the science behind this, so we engaged in the first documented study of the neurological impact of poor performance on mobile users. Your takeaway from this presentation is hard data that you can use to make a case for investing in mobile performance in your organization.
Based on similar research performed on desktop users, our study involved using a groundbreaking combination of eyetracking and electroencephalography (EEG) technologies to monitor brain wave activity in a group of mobile users who were asked to perform a series of online transactions via mobile devices.
In our study, participants were asked to complete standardized shopping tasks on four ecommerce sites while using a smartphone. We studied participants during these tasks, both at the normal speed over Wifi and also at a consistently slowed-down speed (using software that allowed us to create a 500ms network delay). The participants did not know that speed was a factor in the tests; rather, they believed that they were participating in a generic usability/brand perception study. From the data, we were able to extract measures of frustration and emotional engagement for the browsing and checkout stages of both the normal and slowed-down versions of all four sites.
This presentation, shared by Radware Web Performance Evangelist Tammy Everts at the 2014 Velocity Conference and the CMG Performance and Capacity 2014 Conference, provides a deeper understanding of the impact of performance on mobile users.
For even more on the research, you can also download it here: http://www.radware.com/mobile-eeg2013/
This is your brain.
This is your brain on a mobile site with throughput throttled just enough to frustrate the heck out of you.
This is your brain thinking about all the tests you could run if you had your own lightweight, wireless EEG braincap to directly but passively monitor brain activity in your customers as they interact with your digital assets.
From the eMetrics Conference in Chicago, Radware Evangelist Tammy Everts describes a mobile web stress test conducted to gauge the impact of network speed on emotional engagement and brand perception. Neural marketing has escaped the lab and has found its way into practical applications. For even more on the web stress tests, please visit: http://www.radware.com/mobile-eeg2013/
InfoSecurity Europe 2014: The Art Of Cyber War (Radware)
With cyber-attacks becoming a growing concern for organizations, availability-based attacks, also known as Denial of Service or Distributed Denial of Service attacks, have long moved from a form of cyber protest to a destructive weapon that is used by cyber criminals, hacktivists and even governments.
In 2013 we saw a growing use of a new type of attack where attackers used legitimate transactions to saturate application servers’ resources. In this presentation, Security Expert Werner Thalmeier demonstrates how such an advanced attack can be created from a laptop running in an anonymous public WiFi network. He also evaluates the attack landscape and its impact on organizations as well as shares the best practices to protect against such cyber-attacks.
Understand the current availability-based threat landscape and learn about new types of cyber-attacks that are being used to saturate resources. For more information on the state of Application and Network Security, please visit: http://www.radware.com/ert-report-2013/
OpenStack Networking: Developing and Delivering a Commercial Solution for Lo... (Radware)
Why would you want to have an open source driver?
Samuel Bercovici, Radware's Director of Automation & Cloud Integration, answers this and offers an introduction to Drivers in Havana in this presentation from his recent appearance at OpenStack Israel.
Read more in our Press Release: http://www.radware.com/NewsEvents/PressReleases/Radware-Alteon-Provides-Load-Balancing-for-OpenStack-Cloud-Applications/
Radware DefenseFlow - The SDN Application That Programs Networks for DoS Security (Radware)
http://www.radware.com/Products/DefenseFlow/
Learn about the industry's first SDN application that enables network operators to program the network to provide DDoS protection as a native network service.
Stock Exchanges in the Line of Fire - Morphology of Cyber Attacks (Radware)
Stock exchanges are constantly targeted by cyber attacks. This presentation discusses several real-life attack case studies, covering attack vectors, motivations, impacts and mitigation techniques.
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
4. The Security Trinity
Integrity, Availability, Confidentiality
Security Confidentiality, a mainstream adaptation of the "need to know" principle of the military ethic, restricts access to information to those systems, processes and recipients to which the content was intended to be exposed.
Security Integrity, in its broadest meaning, refers to the trustworthiness of information over its entire life cycle.
Security Availability is a characteristic that distinguishes information objects that have signaling and self-sustaining processes from those that do not, either because such functions have ceased (an outage, an attack) or because they lack such functions.
5. Availability Based Attacks
Slide 5
Availability-based Threats:
• Network Floods (Volumetric)
• Application Floods
• Low-and-Slow
• Single-packet DoS
14. Overview
• What triggered the recent US attacks?
• Who was involved in carrying out the attacks, and what was the operation called?
• How long did the attacks last and how many attack vectors were involved?
• How did the attacks work and what were their effects?
• How can we prepare ourselves for the future?
Slide 14 - Radware Confidential Jan 2012
15. What triggered the attacks on the US banks?
• Nakoula Basseley Nakoula (alias "Sam Bacile"), an Egyptian-born US resident, created an anti-Islamic film.
• In early September, the publication of the "Innocence of Muslims" film on YouTube provoked demonstrations throughout the Muslim world.
• The video was 14 minutes long, though a full-length movie was also released.
18. Who is the group behind the cyber response?
• A hacker group called the "Izz ad-Din al-Qassam Cyber Fighters".
• Izz ad-Din al-Qassam was a famous Muslim preacher who was a leader in the fight against the French, US and Zionists in the 1920s and 1930s.
• The group claims not to be affiliated with any government or with Anonymous.
• The group claims to be independent, and its goal is to defend Islam.
19. Operation Ababil launched!
• "Operation Ababil" is the codename of the operation launched on September 18th 2012 by the group Izz ad-Din al-Qassam Cyber Fighters.
• The attackers announced they would attack "American and Zionist targets."
• "Ababil" translates to "swallow" from Persian. To this day the US believes the Iranian government may be behind the operation.
• The goal of the operation is to have YouTube remove the anti-Islamic film from its site. To this day the video has not been removed.
21. Initial attack campaign in 2 phases
• The attack campaign was split into 2 phases; a public announcement was made for each phase.
• The attacks lasted 10 days, from the 18th until the 28th of September.
• Phase 1 - Targets: NYSE, BOA, JP Morgan.
• Phase 2 - Targets: Wells Fargo, US Banks, PNC.
• Phase 3 - Targets: PNC, Fifth Third Bancorp, JPMorgan Chase, U.S. Bank, Union Bank, Bank of America, Citibank, BB&T and Capital One.
22. Attack Vectors
• 5 attack vectors were seen by the ERT team during Operation Ababil.
1. UDP garbage flood.
2. TCP SYN flood.
3. Mobile LOIC (Apache Killer version).
4. HTTP request flood.
5. ICMP reply flood. (*Unconfirmed but reported on.)
6. Booters.
*Note: Data is gathered by Radware as well as its partners.
23. Booters
A Booter is a tool used for taking down ("booting off") websites and servers.
Booters bundle high-volume (server-based) attacks and slow-rate attack vectors as a one-stop shop.
24. UDP Garbage Flood
• Targeted the organizations' DNS servers, and also HTTP.
• 1 Gb+ in volume.
• All attacks were identical in content and in size (packet structure).
• UDP packets sent to ports 53 and 80.
• Customers were attacked on Sep 18th and on the 19th.
25. Tactics used in the UDP Garbage Flood
• Internal DNS servers were targeted, at a high rate.
• Web servers were also targeted, at a high rate.
• Spoofed IPs (but kept to just a few, which is unusual).
• ~1 Gbps.
• Lasted more than 7 hours initially, and still continues...
Packet structure
  Parameter          Value (port 53)                   Value (port 80)
  Packet size        1358 bytes                        Unknown
  Value in garbage   'A' (0x41) characters repeated    "/http1" (\x2f\x68\x74\x74\x70\x31), repetitive
26. DNS Garbage Flood packet extract
• Some reports that a DNS reflection attack was underway appear to be incorrect.
• The packets are considered "malformed" DNS packets, with no relevant DNS header.
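The judgement on slides 24 to 26 ("malformed, no relevant DNS header", 'A' repeated to port 53, "/http1" repeated to port 80) can be made mechanically on captured payloads. The following is an added example, not Radware's code or anything shipped with the ERT tooling: it checks a UDP payload for a plausible DNS header, measures whether the payload is one short pattern tiled end to end, and labels it. The sample payloads are constructed from the packet-structure table; the 1316-byte body length assumes the quoted 1358 bytes is the on-the-wire frame size minus 42 bytes of Ethernet/IPv4/UDP headers, which the slides do not state. Nothing is sent on a network.

```python
import struct

# Constructed sample payloads modelled on the packet-structure table in the
# slides. They are only classified here, never transmitted.
GARBAGE_PORT53 = b"A" * 1316        # assumption: 1358-byte frame minus 42 header bytes
GARBAGE_PORT80 = b"/http1" * 100


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a minimal standard A query so the classifier has a benign sample."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)    # QR=0, opcode=0, RD=1, 1 question
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def parse_dns_header(payload: bytes):
    """Return the six DNS header fields if they are plausible, else None.

    Plausibility: an assigned opcode, the reserved Z bit clear, at least one
    question, and section counts that a real resolver would ever emit.
    """
    if len(payload) < 12:
        return None
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    opcode = (flags >> 11) & 0xF           # 0 QUERY, 1 IQUERY, 2 STATUS, 4 NOTIFY, 5 UPDATE
    z_bit = (flags >> 6) & 1
    if opcode not in (0, 1, 2, 4, 5) or z_bit:
        return None
    if qd == 0 or max(qd, an, ns, ar) > 64:
        return None
    return {"id": txid, "flags": flags, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def repetition_period(payload: bytes, max_period: int = 64):
    """Smallest p such that the payload is one p-byte pattern repeated end to end, else None."""
    n = len(payload)
    for p in range(1, max_period + 1):
        if n >= 2 * p and payload == (payload[:p] * (n // p + 1))[:n]:
            return p
    return None


def classify_udp_payload(dport: int, payload: bytes) -> dict:
    """Label a UDP payload by destination port as protocol data or garbage fill."""
    period = repetition_period(payload)
    verdict = "unknown"
    if dport == 53:
        if parse_dns_header(payload):
            verdict = "dns"
        elif period:
            verdict = "garbage-fill"
        else:
            verdict = "malformed-dns"
    elif dport == 80:
        request_line = payload.split(b"\r\n", 1)[0]
        methods = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")
        if request_line.split(b" ")[0] in methods and b" HTTP/" in request_line:
            verdict = "http"
        elif period:
            verdict = "garbage-fill"
    return {"port": dport, "verdict": verdict, "period": period, "length": len(payload)}


if __name__ == "__main__":
    samples = ((53, build_dns_query("example.com")), (53, GARBAGE_PORT53), (80, GARBAGE_PORT80))
    for port, sample in samples:
        print(classify_udp_payload(port, sample))
```

A "garbage-fill" verdict with a period of 1 or 6 bytes is a signature that a flow-level filter can key on without any DNS parsing; the header check matters for the reflection question on slide 26, because a genuine DNS reflection flood arrives as well-formed responses (QR=1), which this parser would accept, not as fill bytes.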
27. Attacker's objective of the UDP Garbage Flood
• Saturate bandwidth.
• The attack will pass through the firewall, since the port is open.
• Saturate session tables/CPU resources on any stateful device: L4 routing rules on any router, firewall session tables, etc.
• Returning ICMP type 3 further saturates upstream bandwidth.
• All combined, this leads to a DoS situation if bandwidth and infrastructure cannot handle the volume or the packet processing.
28. TCP SYN Flood
• Targeted ports 53, 80 and 443.
• The rate was around 100 Mbps with around 135K PPS.
• This lasted for more than 3 days.
29. SYN Flood Packet extract
- All sources are spoofed.
- Multiple SYN packets to port 443.
30. Attacker's objective of the TCP SYN Floods
• SYN floods are a well-known attack vector.
• Can be used to distract from more targeted attacks.
• If the SYN flood slips through, it can devastate stateful devices quickly by filling up the session table.
• Every stateful device takes some performance hit under such a flood.
• Easy to implement.
• An incorrect network architecture will quickly run into issues.
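Slides 28 to 30 and the speaker note on SYN floods give enough numbers to reason about backlog exhaustion, and the three properties they describe (spoofed sources, no handshake completion, high SYN rate) are exactly what a detector should score. The block below is an added example, not Radware's or DefensePro's logic. The rate and timeouts come from the slides and notes (~135K SYN/s, roughly 3 minutes on Linux, 45 seconds on Windows 2000); the listen backlog of 1024 and the traffic records are assumptions constructed for the example.

```python
from collections import defaultdict

# Figures quoted on the slide and in the notes.
OBSERVED_SYN_RATE_PPS = 135_000
HALF_OPEN_TIMEOUT_LINUX_S = 180
HALF_OPEN_TIMEOUT_WIN2K_S = 45
ASSUMED_BACKLOG = 1024          # assumption for the worked numbers, not from the slides


def steady_state_half_open(syn_rate_pps: float, half_open_timeout_s: float) -> float:
    """Half-open entries the server must hold if no SYN is ever completed (Little's law: L = lambda * W)."""
    return syn_rate_pps * half_open_timeout_s


def seconds_to_exhaust(backlog: int, syn_rate_pps: float) -> float:
    """Time until an empty backlog is full, assuming nothing expires before then."""
    return backlog / syn_rate_pps


def backlog_exhausted(backlog: int, syn_rate_pps: float, half_open_timeout_s: float) -> bool:
    return steady_state_half_open(syn_rate_pps, half_open_timeout_s) > backlog


def detect_syn_flood(records, window_s=1.0, min_syns=500, max_completion=0.1, min_source_spread=0.9):
    """Scan client->server TCP records (ts, src, dport, flags) in fixed windows.

    A flood bucket has many SYNs, almost no client ACKs completing them
    (spoofed sources never answer), and nearly every SYN from a fresh source.
    Returns one alert per (window, port) that matches all three.
    """
    buckets = defaultdict(lambda: {"syn": 0, "ack": 0, "srcs": set()})
    for ts, src, dport, flags in records:
        b = buckets[(int(ts // window_s), dport)]
        if flags == "S":
            b["syn"] += 1
            b["srcs"].add(src)
        elif flags == "A":
            b["ack"] += 1
    alerts = []
    for (win, dport), b in sorted(buckets.items()):
        if b["syn"] < min_syns:
            continue
        completion = b["ack"] / b["syn"]
        spread = len(b["srcs"]) / b["syn"]
        if completion <= max_completion and spread >= min_source_spread:
            alerts.append({"window": win, "dport": dport, "syns": b["syn"],
                           "completion": round(completion, 3), "source_spread": round(spread, 3)})
    return alerts


def sample_records():
    """Constructed traffic: 20 real clients completing handshakes in window 0,
    2000 single-SYN spoofed sources in window 1, one normal client in window 2."""
    recs = []
    for i in range(20):
        recs.append((0.1 + i * 0.01, f"192.0.2.{i + 1}", 443, "S"))
        recs.append((0.2 + i * 0.01, f"192.0.2.{i + 1}", 443, "A"))
    for i in range(2000):   # (i >> 8, i & 255) is unique per i, so every source is distinct
        recs.append((1.0 + i * 0.0004, f"10.{(i >> 8) & 255}.{i & 255}.{(i * 7) % 255 + 1}", 443, "S"))
    recs.append((2.5, "192.0.2.3", 443, "S"))
    recs.append((2.6, "192.0.2.3", 443, "A"))
    return recs


if __name__ == "__main__":
    print(f"{OBSERVED_SYN_RATE_PPS} SYN/s for {HALF_OPEN_TIMEOUT_LINUX_S}s needs "
          f"{steady_state_half_open(OBSERVED_SYN_RATE_PPS, HALF_OPEN_TIMEOUT_LINUX_S):,.0f} half-open entries")
    print(detect_syn_flood(sample_records()))
```

The arithmetic is the point of the slide: at the quoted 135K SYN/s a 1024-entry backlog fills in under 10 ms, and the steady-state demand is 24.3 million half-open entries on a Linux timeout, so shortening timeouts cannot rescue a stateful device by itself. SYN cookies (Linux `net.ipv4.tcp_syncookies`) remove the state from the equation, and the detector's low-completion, high-source-spread signature is what distinguishes this from a legitimate traffic spike.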
31. Mobile LOIC (Apache Killer version)
• Mobile LOIC (Low Orbit Ion Cannon) is a DDoS tool written in HTML and JavaScript.
• This DDoS tool performs an HTTP GET flood.
• The tool is designed to do HTTP floods.
• We have no statistics on the exact traffic of Mobile LOIC.
*Suspected
32. Mobile LOIC in a web browser
33. HTTP Request Flood
• Between 80K and 100K TPS (transactions per second).
• Port 80.
• Followed the same pattern in the GET request (except for the input parameter).
• Dynamic user agent.
34. HTTP flood packet structure
• Sources worldwide (true sources most likely hidden).
• User agent duplicated.
• Dynamic input parameters.
GET request parameters
35. Attacker's objective of the HTTP flood
• Bypass CDN services by randomizing the input parameter and user agents.
• The doubled user agent reveals a flaw in the programming behind the attacking tool.
• Saturate and exhaust web server resources by keeping the session table and web server connection limits occupied.
• The attack takes more resources to implement than non-connection-oriented attacks like TCP SYN floods and UDP garbage floods, because of the need to establish a connection.
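Slides 33 to 35 and the speaker note on the user-agent typo describe two things a web server's own access log can expose: a burst of requests to one path whose query parameter is different on every request (cache busting to get past the CDN), and a user-agent value that begins with the literal label "User-Agent:" because the tool emitted the header name twice. The following is an added example, not Radware's code: it parses combined-format log lines, scores each (second, path) bucket, and counts the duplicated-UA signature. The log lines are constructed for the example; the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str):
    """Split one combined-log line into fields; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"], _, rec["query"] = rec["target"].partition("?")
    return rec


def duplicated_ua_header(ua: str) -> bool:
    """The tool bug from the notes: the literal 'User-Agent:' label sits inside the UA value."""
    return ua.lstrip().lower().startswith("user-agent:")


def analyse(lines, min_rps: int = 100, min_query_spread: float = 0.9):
    """Group requests by (second, path). A bucket is flagged when it is both
    fast and has a nearly unique query string per request, which is what
    cache busting looks like; the duplicated-UA fraction is reported alongside."""
    buckets = defaultdict(lambda: {"n": 0, "queries": set(), "uas": set(), "srcs": set(), "dup_ua": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        b = buckets[(rec["ts"], rec["path"])]
        b["n"] += 1
        b["queries"].add(rec["query"])
        b["uas"].add(rec["ua"])
        b["srcs"].add(rec["src"])
        b["dup_ua"] += duplicated_ua_header(rec["ua"])
    alerts = []
    for (ts, path), b in sorted(buckets.items()):
        spread = len(b["queries"]) / b["n"]
        if b["n"] >= min_rps and spread >= min_query_spread:
            alerts.append({"ts": ts, "path": path, "requests": b["n"], "sources": len(b["srcs"]),
                           "query_spread": round(spread, 3), "distinct_uas": len(b["uas"]),
                           "dup_ua_fraction": round(b["dup_ua"] / b["n"], 3)})
    return alerts


def sample_log():
    """Constructed lines: 300 flood requests in one second with a per-request
    'msg' value and the buggy UA, followed by a few ordinary requests."""
    flood_ua = "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)"
    lines = []
    for i in range(300):
        token = format((i * 2654435761) % (1 << 32), "08x")   # distinct for every i
        lines.append(f'198.51.100.{i % 200 + 1} - - [18/Sep/2012:14:00:01 +0000] '
                     f'"GET /index.php?msg={token} HTTP/1.1" 200 4821 "-" "{flood_ua}"')
    for i in range(5):
        lines.append(f'192.0.2.{i + 1} - - [18/Sep/2012:14:00:02 +0000] '
                     f'"GET /index.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0 (X11; Linux x86_64)"')
    return lines


if __name__ == "__main__":
    for alert in analyse(sample_log()):
        print(alert)
```

The query-spread score is the durable part: the duplicated user agent is one tool's bug and disappears with the next release, while a request rate whose query strings are never reused is inherent to CDN bypass and is the same property a cache-aware rate limiter can key on.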
38. Availability-based Threats Tree
Availability-based Threats
• Network Floods (Volumetric): UDP Flood, ICMP Flood, SYN Flood
• Application Floods: Web Flood, DNS, SMTP, HTTPS
• Low-and-Slow
• Single-packet DoS
42. HTTPS – SSL Re-Negotiation Attack
THC-SSL DoS
THC-SSL-DOS was developed by a hacking group called The Hacker's Choice (THC) as a proof-of-concept to encourage vendors to patch a serious SSL vulnerability. THC-SSL-DOS, as with other "low and slow" attacks, requires only a small number of packets to cause denial-of-service for a fairly large server. It works by initiating a regular SSL handshake and then immediately requesting renegotiation of the encryption key, constantly repeating this server-resource-intensive renegotiation request until all server resources have been exhausted.
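The server-side answer to the renegotiation attack on slide 42 is to refuse client-initiated renegotiation outright and, where the TLS stack cannot, to budget handshakes per connection. The block below is an added example, not Radware's or THC's code: it builds a hardened server-side `ssl.SSLContext` with Python's standard library and adds a small per-connection handshake budget as a fallback. `OP_NO_RENEGOTIATION` is a real OpenSSL option exposed by Python when the linked OpenSSL is 1.1.0h or newer; the budget values are assumptions.

```python
import ssl
from collections import defaultdict, deque


def hardened_server_context(certfile=None, keyfile=None) -> ssl.SSLContext:
    """Server context that refuses the cheap-for-client, costly-for-server handshake repeats."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    # Reject client-initiated renegotiation where the option exists.
    # TLS 1.3 has no renegotiation at all, so this only matters for 1.2 sessions.
    if hasattr(ssl, "OP_NO_RENEGOTIATION"):
        ctx.options |= ssl.OP_NO_RENEGOTIATION
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def client_renegotiation_blocked(ctx: ssl.SSLContext) -> bool:
    """True when the context carries OP_NO_RENEGOTIATION; False on an OpenSSL too old to offer it."""
    flag = getattr(ssl, "OP_NO_RENEGOTIATION", None)
    return flag is not None and bool(ctx.options & flag)


class HandshakeBudget:
    """Fallback for stacks without the option: allow at most `max_handshakes`
    handshakes per connection in any `window_s` seconds, dropping the rest."""

    def __init__(self, max_handshakes: int = 3, window_s: float = 60.0):
        self.max_handshakes = max_handshakes
        self.window_s = window_s
        self._seen = defaultdict(deque)   # conn_id -> timestamps of recent handshakes

    def allow(self, conn_id: str, now: float) -> bool:
        q = self._seen[conn_id]
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.max_handshakes:
            return False
        q.append(now)
        return True


if __name__ == "__main__":
    ctx = hardened_server_context()
    print("client renegotiation blocked:", client_renegotiation_blocked(ctx))
    budget = HandshakeBudget()
    print([budget.allow("conn-1", t) for t in (0.0, 1.0, 2.0, 3.0)])
```

`client_renegotiation_blocked` is the check to put in a deployment test: a server whose context returns False here is relying on the budget (or on an upstream mitigation device) rather than on the protocol layer to stop the pattern the slide describes.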
43. Low & Slow
Availability-based Threats
• Network Floods (Volumetric): UDP Flood, ICMP Flood, SYN Flood
• Application Floods: Web Flood, DNS, SMTP, HTTPS
• Low-and-Slow (the branch covered by the following slides)
• Single-packet DoS
45. R.U.D.Y (R-U-Dead-Yet)
R.U.D.Y. (R-U-Dead-Yet?)
R.U.D.Y. (R-U-Dead-Yet?) is a slow-rate HTTP POST (Layer 7) denial-of-service tool created by Raviv Raz and named after the Children of Bodom album "Are You Dead Yet?" It achieves denial-of-service by using long form-field submissions. By injecting one byte of information into an application POST field at a time and then waiting, R.U.D.Y. causes application threads to await the end of never-ending posts before performing processing (this behavior is necessary in order to allow web servers to support users with slower connections). Since R.U.D.Y. causes the target web server to hang while waiting for the rest of an HTTP POST request, by initiating simultaneous connections to the server the attacker is ultimately able to exhaust the server's connection table and create a denial-of-service condition.
46. Slowloris
Slowloris
Slowloris is a denial-of-service (DoS) tool developed by the grey hat hacker "RSnake" that causes DoS by using a very slow HTTP request. By sending HTTP headers to the target site in tiny chunks as slowly as possible (waiting to send the next tiny chunk until just before the server would time out the request), the server is forced to continue to wait for the headers to arrive. If enough connections are opened to the server in this fashion, it is quickly unable to handle legitimate requests. Slowloris is cross-platform, except that due to Windows' ~130 simultaneous socket limit it is only effective from UNIX-based systems, which allow more connections to be opened in parallel to a target server (although a GUI Python version of Slowloris dubbed PyLoris was able to overcome this limiting factor on Windows).
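Slides 45 and 46 (and the speaker notes on both tools) describe two connection states a server can recognise from its own bookkeeping: headers that never finish arriving (Slowloris) and a declared request body that trickles in a byte at a time (R.U.D.Y.). The block below is an added example, not Radware's code: it classifies per-connection snapshots of the kind a server status page or a connection table exposes, and tallies offenders per source. The snapshots, the 20-second header budget and the 500 byte/s minimum body rate are assumptions constructed for the example.

```python
from dataclasses import dataclass
from collections import Counter


@dataclass
class ConnSnapshot:
    src: str
    age_s: float            # seconds since accept()
    headers_complete: bool  # has the blank line ending the headers been seen?
    content_length: int     # declared by the client, 0 if none
    body_received: int      # body bytes actually read so far


HEADER_TIMEOUT_S = 20.0     # assumed budget to finish sending request headers
MIN_BODY_RATE_BPS = 500.0   # assumed: slower than this, past the budget, is a trickle


def classify_connection(c: ConnSnapshot,
                        header_timeout_s: float = HEADER_TIMEOUT_S,
                        min_body_rate_bps: float = MIN_BODY_RATE_BPS) -> str:
    """'slow-headers' is the Slowloris pattern, 'slow-body' the R.U.D.Y. pattern."""
    if not c.headers_complete:
        return "slow-headers" if c.age_s > header_timeout_s else "ok"
    unfinished_body = c.content_length and c.body_received < c.content_length
    if unfinished_body and c.age_s > header_timeout_s:
        if c.body_received / c.age_s < min_body_rate_bps:
            return "slow-body"
    return "ok"


def triage(snapshots, per_source_limit: int = 20) -> dict:
    """Count verdicts and return sources holding at least `per_source_limit` slow connections.

    A single slow upload from a user on a bad link is normal; dozens of them
    from one address are the tool's signature, and that address is what to act on.
    """
    verdicts, by_src = Counter(), Counter()
    for c in snapshots:
        v = classify_connection(c)
        verdicts[v] += 1
        if v != "ok":
            by_src[c.src] += 1
    offenders = {src: n for src, n in by_src.items() if n >= per_source_limit}
    return {"verdicts": dict(verdicts), "offenders": offenders}


def sample_snapshots():
    """Constructed connection table: Slowloris-style, R.U.D.Y.-style, normal GETs,
    and one legitimate large upload running at 24 kB/s."""
    snaps = [ConnSnapshot("198.51.100.9", 45.0, False, 0, 0) for _ in range(150)]
    snaps += [ConnSnapshot("198.51.100.10", 60.0, True, 1_000_000, 30) for _ in range(40)]
    snaps += [ConnSnapshot(f"192.0.2.{i + 1}", 0.4, True, 0, 0) for i in range(10)]
    snaps.append(ConnSnapshot("192.0.2.50", 25.0, True, 1_000_000, 600_000))
    return snaps


if __name__ == "__main__":
    print(triage(sample_snapshots()))
```

The same two budgets are what a web server enforces natively when configured to: Apache's mod_reqtimeout (`RequestReadTimeout`) applies a header deadline and a minimum body rate per connection, which closes both patterns before the connection table fills; the triage above is for the case where you are reading the table from outside the server.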
47. Radware Security Products Portfolio
AppWall - Web Application Firewall (WAF)
DefensePro - Network & server attack prevention device
APSolute Vision - Management and security reporting & compliance
Radware breaks down the security model into three categories: Confidentiality, Integrity and Availability. Think of it as follows:
Confidentiality: A compromise here results in the theft or destruction of business-critical information or customer data.
Integrity: Often linked to confidentiality, but damage to a business's systems obviously can have a major impact. An extreme example that you might have heard of would be the Stuxnet virus, which was designed to damage the centrifuge machines used in Iran to purify nuclear material.
Availability: The ability for your business to operate. Denial of Service attacks target this dimension; they are designed purely to disrupt business operation.
Here we have the 4 primary categories of Availability-Based Threats: Network and Application Floods, Low & Slow, and Single-Packet DoS. The pie charts below illustrate actual use of these attack vectors based on ERT case history. Over the past few years application-layer attacks have become a significant threat, with Web/SSL and DNS being the fastest-growing vectors.
Based on the Radware Global Security Survey of the industry, 57% of attacks have an unknown motive. 22% of attacks have an ideological/hacktivist motive.
80% of respondents believe they are not protected and that businesses will be impacted by DDoS attacks.
While Gaming and Ecommerce maintain their risk, Government and Financial Institutions take the biggest shift toward the bullseye! These are VERY likely targets for 2013.
Attack campaigns are becoming more and more persistent, with 23% of attacks lasting more than one week!
Shift from 2 security phases to 3:
Pre-Attack - audit, vulnerability scanning, pen tests, etc.
Post-Attack - forensics, process adjustments, preparation, etc.
NEW phase: Cyber War Room - 24/7, trained under fire (war games, etc.), coverage.
SIZE
We are going to take a look at the attacks on the US banks. We'll review the attack source, motivation, duration, attack vectors and preparation.
- This pic is from the very beginning of the video, stating "There is an angry mob in the middle of the street".
*Notes - On September 9, 2012, an excerpt of the YouTube video was broadcast on Al-Nas TV, an Egyptian Islamist television station. Demonstrations and violent protests against the film broke out on September 11 in Egypt and spread to other Arab and Muslim nations and some Western countries.
- Libyan riots, top left: http://www.foreignpolicy.com/articles/2012/09/14/why_the_embassy_riots_wont_stop
- Lebanon riots, bottom left: http://au.ibtimes.com/articles_slideshows/384606/20120915/lebanon-protesters-destroy-kentucky-fried-chicken-and-hardees-over-innocence-of-muslims-film-photos.htm
Links about Izz ad-Din al-Qassam the preacher: http://en.wikipedia.org/wiki/Izz_ad-Din_al-Qassam
*Notes - The Levant includes most of modern Lebanon, Syria, Jordan, the State of Palestine, Israel, Cyprus, Hatay Province of Turkey, some regions of northwestern Iraq and the Sinai Peninsula.
Links about the cyber hacker group:
http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/who-are-the-izz-ad-din-al-qassam-cyber-fighters
http://www.ehackingnews.com/2012/12/izz-ad-din-al-qassam-cyber-fighters.html
Pic from: http://www.standupamericaus.org/terror-jihad/cyber-fighters-of-izz-al-din-al-qassam-alert-to-banks-in-usa/
Claim to have no current ties to the Anonymous collective nor to any nation state. Goal is to have the anti-Muslim video taken off YouTube. Ababil (Persian) translates to "swallow".
Link for the translation of ababil: http://en.wikipedia.org/wiki/Ghods_Ababil
The pic from: http://en.wikipedia.org/wiki/File:Hirundo_abyssinica.jpg
Claims of Iranian involvement:
http://betabeat.com/2012/09/iran-possibly-behind-operation-ababil-cyber-attacks-against-financial-institutions/
http://features.rr.com/article/0coOckreSy1vL?q=Bank+of+America
Pic taken from: http://news.yahoo.com/americas-failing-grade-cyber-attack-readiness-153640058--abc-news-topstories.html
Data taken from internal doc. Phase 3 of OpAbabil was announced March 5th (ongoing) and is expected to last 11 weeks. While Phase 3 is not in my presentation today, encrypted attacks are a BIG problem for the protection currently in place.
-Taken from internal report.
-Taken from internal report.
Reflection attack - Attackers send forged requests of some type to a very large number of computers that will reply to the requests. The requests carry the victim's spoofed source IP, which means all the replies go to (and flood) the target.
- Stateful inspection in the DNS area is limited. It was in SmartDefense at Check Point, but how many people use it?
- When a UDP packet arrives for a closed port, the server is forced to respond with ICMP "Destination Unreachable" packets (ICMP type 3, code 3).
- The returning ICMP type 3 traffic further saturates bandwidth (the packet size in return will be close to the received packet).
- Internal data.
- The SYN flood attack simply sends a high rate of SYNs with spoofed IPs, and the server is left waiting for the ACK.
- This means the attacker needs far fewer hosts to exhaust the target machine, because no session is actually kept alive on the attacker's side.
- You exhaust the backlog of the TCP stack (the Linux default half-open timeout is 3 minutes and Win2k's is 45 seconds; these can be changed), so the server can no longer accept a new connection.
- Another reported attack technique that was allegedly used during this campaign is a custom version of the Mobile LOIC tool (aka Mobile LOIC - Apache Killer), which is designed to exploit a known vulnerability in Apache servers corresponding to CVE-2011-3192.
- This attack tool targets Apache HTTP server versions 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19.
Target URL - Specifies the URL of the attacked target. Must start with http://.
Requests per second - Specifies the number of desired requests to be sent per second.
Append message - Specifies the content for the "msg" parameter to be sent within the URL of HTTP requests.
Resource internal.
- This value is unique since it seems to contain a typo, caused by placing the "User Agent:" string inside the user agent value itself.
Resource internal.
Internal resources.
Resource internal.
Trend toward asymmetric attacks, with an obvious reason: the attacker needs to use few resources while exhausting the target by sending small requests that result in large and/or CPU-intensive replies.
Identification: referrer (ask the audience). An iframe attack can be used to amplify a DDoS against any site, for example using the LOIC iframe (JavaScript) attack to amplify the attack.
RUDY, or ARE YOU DEAD YET, exploits the HTTP POST method by sending a POST with a long form-field submission. It injects one byte of data and then waits, which causes application threads to await never-ending posts before performing processing.
Slowloris sends very slow HTTP requests. The HTTP headers are sent in tiny chunks as slowly as possible while the server is forced to wait for the headers to arrive. This causes many connections to be built up on the target server. Slowloris is cross-platform, except for Windows due to a socket limitation (~130). PyLoris was developed to enable running on Windows with a Python GUI.