SlideShare a Scribd company logo
1 of 34
IoT - Next Wave of DDoS?
IoT Sourced DDoS Attacks
A Focus on Mirai Botnet and Best
Practices in DDoS Defense
2©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
• Largest attack reported was 800 Gbps with other respondents reporting attacks of 600
Gbps, 550 Gbps, and 500 Gbps
• One third of respondents report peak attacks over 100Gbps
• 41% of EGE respondents and 61% of data-center operators reported attacks exceeding
their total Internet capacity
DDoS Attacks Increasing in Size, Frequency &
Complexity
Arbor Networks WISR XII
3©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
• Peak monitored attack of 579Gbps, 73% growth from 2015
• 558 attacks over 100Gbps, 87 over 200Gbps
– Compared to 223 and 16 in 2015
• 20% of attacks over 1Gbps, as opposed to 16% in 2015
• Average attacks size now 931Mbps, up from 760Mbps, a 23% increase
Arbor Networks ATLAS DDoS statistics
4©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
DDoS Attack Trends
238.8
276.6
298.6
270.2
156.5
579.6
330.2
267.3
489.4
327.4
498.3 392.7
0
100
200
300
400
500
600
700
Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16
Worldwide Peak attack size (Gbps)
559329
493789 495581 482114
460641
503767
607848 619691 645590 644256
552766
630912
0
100000
200000
300000
400000
500000
600000
700000
Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16
no of DDoS attacks
5©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
DDoS Attack Trends
Year 2016 Global APAC
Peak attack size 579.59 Gbps 196.06 Gbps
Average attack size 931.24 Mbps 640.78 Mbps
Average duration 55 min 20 sec 40 min 39 sec
Attack dest port TCP/80 TCP/80
Top reflection attack type DNS DNS
177.1
260.3
287.8
135.47
71.15
147.7
196.06
104.7
166.5
154.6
134.8
149.1
0
50
100
150
200
250
300
350
Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16
APAC DDoS peak attack size (Gbps)
6©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Service Provider Attack Types
WISR XII DDoS trend
7©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
• SPs see Government,
Finance and Hosting as top
targets
• SPs seeing attacks on
cloud services drops from
one third to one quarter
• 42% of EGE respondents
experienced an attack
– 63% of finance, up from
45%
– 53% of government, up
from 43%
DDoS Targets
8©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
The Result
• First high-profile attack using IoT devices Christmas 2013, using CPE and webcams
• In 2016 Botnet owners started to recruit IoT devices en mass
• Attacks of 540Gbps against the Olympics, 620Gbps against Krebs, Dyn etc..
The Problem
• Almost every piece of technology
we buy is ‘connected’
• Devices are designed to be easy
to deploy and use, often resulting
in limited security capabilities
• Software is very rarely upgraded.
Some manufacturers don’t provide
updates, or the ability to install
updates
DDoS driving factors - IoT
9©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Cost of DDoS
Service
Impact to Victim
DDoS Attacks Are
The Great Equalizer…
Ability
It’s Never Been Easier to Launch a DDoS Attack. DDoS attack tools
and DDoS for Hire Services add to the weaponization of DDoS.
Fact:
10©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Abusable IoT Devices
Weaponization and
Ease of Attack
Rise in IoT-Based DDoS Attacks
Two Mega Trends Merging to Create “The Perfect Storm”?
11©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
◦ Approximately 500,000 compromised
IoT devices worldwide.
◦ Default user name and passwords
enabled and open ports in firewalls
(Telnet TCP 23/2323).
◦ IoT devices are subsumed into botnet by continuous, automated
scanning by other compromised Mirai botnet IoT devices.
◦ Rebooting device removes malware, but its estimated that it will take
less than 10 min to be rescanned and become part of botnet again.
The Mirai Botnet
12©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Mirai is NOT Just a DNS Attack
Attack Vectors:
◦ SYN-flooding
◦ ACK-flooding
◦ UDP flooding
◦ Valve Source Engine (VSE)
query-flooding
◦ GRE-flooding
◦ Pseudo-random DNS label-prepending attacks
(also known as DNS ‘Water Torture’ attacks)
◦ HTTP GET, POST and HEAD attacks.
◦ The Mirai Botnet is
capable of launching
complex, multi-vector
attacks.
13©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
The Mirai Botnet (cont’d)
◦ Segmented command-and-control.
◦ Capable of launching simultaneous DDoS attacks against
multiple targets.
◦ Non-spoofed traffic. (could change in future)
◦ Code has been released to wild…already seeing signs of
alteration.
14©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
IoT Botnets Are Not New
and On The Rise
4000
500
1000
3500
July 2014
April 2016 Aug 2016
100
1000
200
300
400
800
900
Oct 2016
MIRAI IOT
BOTNET
LIZARDSTRESSER
IOT BOTNET TARGETS
BRAZIL
AttackSize(Gbps)
600
500
700
Targets were organizations
affiliated with major international
sporting events (e.g. gov’t, banks,
sponsors, etc.).
Pre-event
activity
Dyn
OVH ?
Who/What Next?
15©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
◦ Summer, 2016 – 540 Gbps attack on an organization associated with the Rio
Olympics (Lizardstresser)
◦ September 20th – 620 Gbps attack targeting KrebsOnSecurity.com (Mirai)
◦ September 21st – 990 Gbps attack targeting OVH (Mirai)
◦ September 30th – Mirai source code leaked
◦ October 21st – Dyn’s Managed DNS Infrastructure Targeted (Mirai)
◦ October 31st – 600 Gbps attack on Liberia (Mirai)
RECENT ATTACKS
16©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
◦ Embedded or stripped-down versions of Linux
◦ Easy to target a wide range of devices
◦ Limited security features
◦ Internet-accessible
◦ Unfettered outbound access
◦ Market Dynamics
◦ Extremely Low-margin Products not differentiated by security features
◦ Chip makers à ODM’s à Brand Company à End User
‒ No security expertise, No incentive for Security
◦ Result
◦ A large population of highly susceptible, high bandwidth devices that cannot or will not
be patched or otherwise secured.
WHY IoT DEVICES?
17©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
DEFAULT CREDENTIALS FOR IOT DEVICEShttps://krebsonsecurity.com/wp-content/uploads/2016/10/IoTbadpass-Sheet1.pdf
18©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Mirai – Propagation, Command and Control
Bot
(compromised)
Telnet Scan (TCP/23)
Brute Force
1
IoT Device
ScanListen
Service
2
Report:
- Discovered IP
- Successful Creds
Telnet Port Scans
TCP/48101
Already Compromised?
Loader
Install Bot
Code
3
4
5
New Victim
- IP
- Creds
C2
6
Check-In
TCP/23
19©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Mirai – Propagation, Command and Control
Bot
(compromised)
Telnet Scan (TCP/23)
Brute Force
1
Bot
(compromised)
ScanListen
Service
2
Report:
- Discovered IP
- Successful Creds
Telnet Port Scans
TCP/48101
Already Compromised?
Loader
Install Bot
Code
3
4
5
New Victim
- IP
- Creds
C2
6
Check-In
TCP/23
Telnet Port Scans
7 And the beat goes on ...
20©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
◦ Predominantly Webcam IoT devices
◦ Approximately 500,000 devices worldwide
◦ High concentrations in China, Hong Kong, Macau, Vietnam, Taiwan, South
Korea, Thailand, Indonesia, Brazil, and Spain
◦ Segmented Control
◦ Multi-Vector Attack Support:
◦ Krebs, OVH, Dyn, and Liberia
◦ Does not imply it was the same adversaries!!!
THE MIRAI BOTNET
21©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
◦ Three Attacks Targeting Dyn’s Managed DNS Infrastructure
◦ Dyn Customers include
◦ Netflix, Twitter, Reddit, Github, Spotify, PayPal, Airbnb, NYT, etc.
◦ Large-scale outages for Dyn Customers, even though the customers
were not attacked directly
DYN ATTACKS ON OCTOBER 21ST
22©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
ATLAS IoT Botnet tracking
• Network of honeypots setup to monitor IoT compromise
activities
• Snapshots of activities from 29 Nov to 12 Dec 2016
• 1,027,543 login attempts from a total of 92,317 unique IP
addresses
• Peak login attempts per hour is 18,054
23©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
ATLAS IoT Botnet tracking
• Billions of IoT devices connected to the Internet
– Estimates vary, 5B+, with millions added every day
• Arbor honeypot devices look for exploit activity on Telnet / SSH ports
• 1M login attempts from 11/29 to 12/12 from 92K unique IP addresses
• More than 1 attempt per minute in some regions
24©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
ATLAS IoT Botnet tracking
Country Number of Attempts
China 102,975
Vietnam 26,573
Republic of Korea 19,465
USA 17,062
Brazil 16,609
Russia 13,378
Taiwan 11,697
Hong Kong 11,200
Turkey 10,190
Romania 9,856
25©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
ATLAS IoT Botnet tracking
0
2000
4000
6000
8000
10000
12000
14000
16000
18000
20000
28/11/2016 0:00 30/11/2016 0:00 2/12/2016 0:00 4/12/2016 0:00 6/12/2016 0:00 8/12/2016 0:00 10/12/2016 0:00 12/12/2016 0:00 14/12/2016 0:00
Login attempts per hour
Sum Sum SSH Sum Telnet
26©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
ATLAS IoT Botnet tracking
0
1000
2000
3000
4000
5000
6000
7000
28/11/2016 30/11/2016 2/12/2016 4/12/2016 6/12/2016 8/12/2016 10/12/2016 12/12/2016 14/12/2016
Login attempt per region
APAC EU SA US
27©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
◦ Multiple Highly Distributed Attack Vectors
◦ Dyn originally reported ”10s of millions of IP addresses”
◦ Later corrected to an estimate of 100,000
◦ Cascading Effect
◦ 2nd Order Impact on Dyn customers
◦ DNS service disruption from original attack generates legitimate retry activity
‒ This is, in part, what caused Dyn to overreport the number of attacking IP’s
◦ 3rd Order Impact on Broadband Operators
◦ Mitigations Performed by Dyn According to Dyn:
◦ Traffic shaping, Anycast Rebalancing, ACL Filtering, Scrubbing Services
ATTACK CHARACTERISTICS, EFFECTS, AND
MITIGATIONS
28©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Telnet Traffic – IoT botnet growing
29©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Telnet Traffic by Country – Matches Attack SRC
30©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Source: Ponemon Institute: Dec. 2013,
Cost of Data Center Outages
◦ On-premises Intelligent
DDoS Mitigation
Systems (e.g. Arbor
APS / TMS products)
◦ Overlay cloud-based
DDoS protection
services (i.e. Arbor
Cloud or ISP/MSSP)
◦ Network infrastructure-
based techniques such
as S/RTBH & Flowspec
at all network edges
10 Best Practices in DDoS Defense
◦ Factor network
availability into
the design of
online services
or applications;
continuously
stress-test.
◦ Develop a DDoS
Attack Mitigation
Process
◦ Continuously
stress-test
& refine.
◦ Utilize flow
telemetry (e.g.
NetFlow) collection
& analysis for
attack detection,
classification
& trace back.
Deploy multi-layered
DDoS protection
which includes:
◦ Scan for
misconfigured,
abusable services
running on servers,
routers, switches,
home CPE devices,
etc. (i.e. TCP
23/2323). Alert users
running abusable
services – possibly
blocking until they
are remediated.
1 2 3 4 5
31©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Source: Ponemon Institute: Dec. 2013,
Cost of Data Center Outages
10 Best Practices in DDoS Defense (cont’d)
◦ Participate in the
global operational
security community
and share threat
intelligence and
defense best
practices.
◦ Check Open NTP
Project for abusable
NTP services on
your networks.
◦ Disallow Level 6/7
NTP queries from
the Internet.
◦ Check Open
Resolve Project
for abusable open
DNS recursors on
your networks.
Ensure only
authorized users
can query
recursive DNS
servers.
◦ Ensure SNMP
is blocked on
public-facing
infrastructure/
servers.
◦ Employ Anti-spoofing
mechanisms such as
Unicast Reverse-
Path Forwarding,
ACLs, DHCP
Snooping & IP
Source Guard, Cable
IP Source Verify, etc.
on all edges of ISP
and enterprise
networks.
NTP
Services
DNS
Recursors
6 7 8 9 10
32©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
• Nearly half of SPs now implement anti-spoofing filters
• Rehearsing DDoS attack processes and procedures is key
• 10% increase in SPs running simulations, 37% do this quarterly
• EGE 55% now run simulations, 40% do this quarterly
• Difficulty in hiring and retaining personnel remains a key issue for both SP and EGE
respondents
SP
WISR XII – Organization Security
33©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
For More Information …
©2016 ARBOR® CONFIDENTIAL & PROPRIETARY 34
Thank You

More Related Content

What's hot

A Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsA Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsIJERD Editor
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacksRollingsherman
 
IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 Tonex
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack  PPT by Nitin BishtDDoS Attack  PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 
IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and SolutionsUlf Mattsson
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Cyber security Information security
Cyber security Information securityCyber security Information security
Cyber security Information securityAYESHA JAVED
 
Cyber Security 03
Cyber Security 03Cyber Security 03
Cyber Security 03Home
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Network security
Network securityNetwork security
Network securityfatimasaham
 

What's hot (20)

A Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of ThingsA Survey: DDOS Attack on Internet of Things
A Survey: DDOS Attack on Internet of Things
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacks
 
IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack  PPT by Nitin BishtDDoS Attack  PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
 
Iot cyber security
Iot cyber securityIot cyber security
Iot cyber security
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dos
 
IoT - Attacks and Solutions
IoT - Attacks and SolutionsIoT - Attacks and Solutions
IoT - Attacks and Solutions
 
BOTNET
BOTNETBOTNET
BOTNET
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
Cyber security Information security
Cyber security Information securityCyber security Information security
Cyber security Information security
 
Cyber Security 03
Cyber Security 03Cyber Security 03
Cyber Security 03
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Network security
Network securityNetwork security
Network security
 

Viewers also liked

MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?Memoori
 
How IoT Is Breaking The Internet
How IoT Is Breaking The InternetHow IoT Is Breaking The Internet
How IoT Is Breaking The InternetCarl J. Levine
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsRahul Neel Mani
 
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk   cloud storage forensics - dropbox(130928) #fitalk   cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropboxINSIGHT FORENSIC
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesDheeraj Negi
 
Vigas de concreto - programa para cálculo
Vigas de concreto - programa para cálculoVigas de concreto - programa para cálculo
Vigas de concreto - programa para cálculoTimóteo Rocha
 
Contratación estatal en Colombia
Contratación estatal en ColombiaContratación estatal en Colombia
Contratación estatal en ColombiaManuel Bedoya D
 
Configuracion de excel
Configuracion de excelConfiguracion de excel
Configuracion de excelMonica Taday
 
PROBLEMAS TEÓRICOS DE LA CONTRATACIÓN ESTATAL
PROBLEMAS TEÓRICOS DE LA CONTRATACIÓN ESTATALPROBLEMAS TEÓRICOS DE LA CONTRATACIÓN ESTATAL
PROBLEMAS TEÓRICOS DE LA CONTRATACIÓN ESTATALManuel Bedoya D
 
Social activity method (sam) a fractal language for mathematics
Social activity method (sam) a fractal language for mathematicsSocial activity method (sam) a fractal language for mathematics
Social activity method (sam) a fractal language for mathematicsfitri nur aningsi
 
Introduction of Mirai Translate, Inc.
Introduction of Mirai Translate, Inc. Introduction of Mirai Translate, Inc.
Introduction of Mirai Translate, Inc. Osaka University
 
Drilling Down Into DNS DDoS
Drilling Down Into DNS DDoSDrilling Down Into DNS DDoS
Drilling Down Into DNS DDoSAPNIC
 
Avoiding dns amplification attacks
Avoiding dns amplification attacksAvoiding dns amplification attacks
Avoiding dns amplification attacksLucas Kauffman
 
Dns reflection attacks webinar slides
Dns reflection attacks webinar slidesDns reflection attacks webinar slides
Dns reflection attacks webinar slidesMen and Mice
 

Viewers also liked (20)

MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?
 
How IoT Is Breaking The Internet
How IoT Is Breaking The InternetHow IoT Is Breaking The Internet
How IoT Is Breaking The Internet
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
 
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk   cloud storage forensics - dropbox(130928) #fitalk   cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
WebSocket protocol
WebSocket protocolWebSocket protocol
WebSocket protocol
 
Vigas de concreto - programa para cálculo
Vigas de concreto - programa para cálculoVigas de concreto - programa para cálculo
Vigas de concreto - programa para cálculo
 
Taller1 lopez torosina
Taller1 lopez torosinaTaller1 lopez torosina
Taller1 lopez torosina
 
Diagramación
DiagramaciónDiagramación
Diagramación
 
Contratación estatal en Colombia
Contratación estatal en ColombiaContratación estatal en Colombia
Contratación estatal en Colombia
 
Configuracion de excel
Configuracion de excelConfiguracion de excel
Configuracion de excel
 
PROBLEMAS TEÓRICOS DE LA CONTRATACIÓN ESTATAL
PROBLEMAS TEÓRICOS DE LA CONTRATACIÓN ESTATALPROBLEMAS TEÓRICOS DE LA CONTRATACIÓN ESTATAL
PROBLEMAS TEÓRICOS DE LA CONTRATACIÓN ESTATAL
 
Sistemas operativos
Sistemas operativosSistemas operativos
Sistemas operativos
 
Lengua castellana 4rto b
Lengua castellana 4rto bLengua castellana 4rto b
Lengua castellana 4rto b
 
Social activity method (sam) a fractal language for mathematics
Social activity method (sam) a fractal language for mathematicsSocial activity method (sam) a fractal language for mathematics
Social activity method (sam) a fractal language for mathematics
 
Introduction of Mirai Translate, Inc.
Introduction of Mirai Translate, Inc. Introduction of Mirai Translate, Inc.
Introduction of Mirai Translate, Inc.
 
Drilling Down Into DNS DDoS
Drilling Down Into DNS DDoSDrilling Down Into DNS DDoS
Drilling Down Into DNS DDoS
 
Avoiding dns amplification attacks
Avoiding dns amplification attacksAvoiding dns amplification attacks
Avoiding dns amplification attacks
 
Dns reflection attacks webinar slides
Dns reflection attacks webinar slidesDns reflection attacks webinar slides
Dns reflection attacks webinar slides
 

Similar to IoT - the Next Wave of DDoS Threat Landscape

Seguridad en Capas: Smart & Actionable Data
Seguridad en Capas: Smart & Actionable DataSeguridad en Capas: Smart & Actionable Data
Seguridad en Capas: Smart & Actionable DataCristian Garcia G.
 
Arbor Presentation
Arbor Presentation Arbor Presentation
Arbor Presentation J Hartig
 
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamuraIndonesia Network Operators Group
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxssuserfb92ae
 
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoThe Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoMyNOG
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed Great Bay Software
 
FiSH 2017 (Fukuoka International Startup Hub)| SORACOM The secure, scalable, ...
FiSH 2017 (Fukuoka International Startup Hub)| SORACOM The secure, scalable, ...FiSH 2017 (Fukuoka International Startup Hub)| SORACOM The secure, scalable, ...
FiSH 2017 (Fukuoka International Startup Hub)| SORACOM The secure, scalable, ...SORACOM,INC
 
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"Quobis
 
WebRTC Security Concerns, a real problem?
WebRTC Security Concerns, a real problem?WebRTC Security Concerns, a real problem?
WebRTC Security Concerns, a real problem?VOIP2DAY
 
What is ThousandEyes Webinar
What is ThousandEyes WebinarWhat is ThousandEyes Webinar
What is ThousandEyes WebinarThousandEyes
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinarAlgoSec
 
Migration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerMigration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerZscaler
 
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...PROIDEA
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cloudflare
 
Botnet Detection And Countermeasures
Botnet Detection And CountermeasuresBotnet Detection And Countermeasures
Botnet Detection And CountermeasuresSynerzip
 
Segurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantecSegurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantecCSA Argentina
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentalsCloudflare
 
Introduction to ThousandEyes
Introduction to ThousandEyesIntroduction to ThousandEyes
Introduction to ThousandEyesThousandEyes
 

Similar to IoT - the Next Wave of DDoS Threat Landscape (20)

Seguridad en Capas: Smart & Actionable Data
Seguridad en Capas: Smart & Actionable DataSeguridad en Capas: Smart & Actionable Data
Seguridad en Capas: Smart & Actionable Data
 
Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018
 
Arbor Presentation
Arbor Presentation Arbor Presentation
Arbor Presentation
 
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
04 (IDNOG01) Handling massive numbers subscribers and attacks by Takeki kumamura
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
 
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoThe Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
 
FiSH 2017 (Fukuoka International Startup Hub)| SORACOM The secure, scalable, ...
FiSH 2017 (Fukuoka International Startup Hub)| SORACOM The secure, scalable, ...FiSH 2017 (Fukuoka International Startup Hub)| SORACOM The secure, scalable, ...
FiSH 2017 (Fukuoka International Startup Hub)| SORACOM The secure, scalable, ...
 
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
 
WebRTC Security Concerns, a real problem?
WebRTC Security Concerns, a real problem?WebRTC Security Concerns, a real problem?
WebRTC Security Concerns, a real problem?
 
What is ThousandEyes Webinar
What is ThousandEyes WebinarWhat is ThousandEyes Webinar
What is ThousandEyes Webinar
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
Migration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerMigration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscaler
 
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...
PLNOG15: Implementation of integrated DDI/NAC solution for a health insurance...
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)
 
Botnet Detection And Countermeasures
Botnet Detection And CountermeasuresBotnet Detection And Countermeasures
Botnet Detection And Countermeasures
 
Segurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantecSegurdad de red para la generacion de la nube symantec
Segurdad de red para la generacion de la nube symantec
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentals
 
Introduction to ThousandEyes
Introduction to ThousandEyesIntroduction to ThousandEyes
Introduction to ThousandEyes
 

More from APNIC

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAPNIC
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAPNIC
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsAPNIC
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemAPNIC
 

More from APNIC (20)

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & Development
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerations
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry System
 

Recently uploaded

Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 

Recently uploaded (17)

young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 

IoT - the Next Wave of DDoS Threat Landscape

  • 1. IoT - Next Wave of DDoS? IoT Sourced DDoS Attacks A Focus on Mirai Botnet and Best Practices in DDoS Defense
  • 2. 2©2016 ARBOR® CONFIDENTIAL & PROPRIETARY • Largest attack reported was 800 Gbps with other respondents reporting attacks of 600 Gbps, 550 Gbps, and 500 Gbps • One third of respondents report peak attacks over 100Gbps • 41% of EGE respondents and 61% of data-center operators reported attacks exceeding their total Internet capacity DDoS Attacks Increasing in Size, Frequency & Complexity Arbor Networks WISR XII
  • 3. 3©2016 ARBOR® CONFIDENTIAL & PROPRIETARY • Peak monitored attack of 579Gbps, 73% growth from 2015 • 558 attacks over 100Gbps, 87 over 200Gbps – Compared to 223 and 16 in 2015 • 20% of attacks over 1Gbps, as opposed to 16% in 2015 • Average attacks size now 931Mbps, up from 760Mbps, a 23% increase Arbor Networks ATLAS DDoS statistics
  • 4. 4©2016 ARBOR® CONFIDENTIAL & PROPRIETARY DDoS Attack Trends 238.8 276.6 298.6 270.2 156.5 579.6 330.2 267.3 489.4 327.4 498.3 392.7 0 100 200 300 400 500 600 700 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 Worldwide Peak attack size (Gbps) 559329 493789 495581 482114 460641 503767 607848 619691 645590 644256 552766 630912 0 100000 200000 300000 400000 500000 600000 700000 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 no of DDoS attacks
  • 5. 5©2016 ARBOR® CONFIDENTIAL & PROPRIETARY DDoS Attack Trends Year 2016 Global APAC Peak attack size 579.59 Gbps 196.06 Gbps Average attack size 931.24 Mbps 640.78 Mbps Average duration 55 min 20 sec 40 min 39 sec Attack dest port TCP/80 TCP/80 Top reflection attack type DNS DNS 177.1 260.3 287.8 135.47 71.15 147.7 196.06 104.7 166.5 154.6 134.8 149.1 0 50 100 150 200 250 300 350 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 APAC DDoS peak attack size (Gbps)
  • 6. 6©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Service Provider Attack Types WISR XII DDoS trend
  • 7. 7©2016 ARBOR® CONFIDENTIAL & PROPRIETARY • SPs see Government, Finance and Hosting as top targets • SPs seeing attacks on cloud services drops from one third to one quarter • 42% of EGE respondents experienced an attack – 63% of finance, up from 45% – 53% of government, up from 43% DDoS Targets
  • 8. 8©2016 ARBOR® CONFIDENTIAL & PROPRIETARY The Result • First high-profile attack using IoT devices Christmas 2013, using CPE and webcams • In 2016 Botnet owners started to recruit IoT devices en mass • Attacks of 540Gbps against the Olympics, 620Gbps against Krebs, Dyn etc.. The Problem • Almost every piece of technology we buy is ‘connected’ • Devices are designed to be easy to deploy and use, often resulting in limited security capabilities • Software is very rarely upgraded. Some manufacturers don’t provide updates, or the ability to install updates DDoS driving factors - IoT
  • 9. 9©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Cost of DDoS Service Impact to Victim DDoS Attacks Are The Great Equalizer… Ability It’s Never Been Easier to Launch a DDoS Attack. DDoS attack tools and DDoS for Hire Services add to the weaponization of DDoS. Fact:
  • 10. 10©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Abusable IoT Devices Weaponization and Ease of Attack Rise in IoT-Based DDoS Attacks Two Mega Trends Merging to Create “The Perfect Storm”?
  • 11. 11©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ◦ Approximately 500,000 compromised IoT devices worldwide. ◦ Default user name and passwords enabled and open ports in firewalls (Telnet TCP 23/2323). ◦ IoT devices are subsumed into botnet by continuous, automated scanning by other compromised Mirai botnet IoT devices. ◦ Rebooting device removes malware, but its estimated that it will take less than 10 min to be rescanned and become part of botnet again. The Mirai Botnet
  • 12. 12©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Mirai is NOT Just a DNS Attack Attack Vectors: ◦ SYN-flooding ◦ ACK-flooding ◦ UDP flooding ◦ Valve Source Engine (VSE) query-flooding ◦ GRE-flooding ◦ Pseudo-random DNS label-prepending attacks (also known as DNS ‘Water Torture’ attacks) ◦ HTTP GET, POST and HEAD attacks. ◦ The Mirai Botnet is capable of launching complex, multi-vector attacks.
  • 13. 13©2016 ARBOR® CONFIDENTIAL & PROPRIETARY The Mirai Botnet (cont’d) ◦ Segmented command-and-control. ◦ Capable of launching simultaneous DDoS attacks against multiple targets. ◦ Non-spoofed traffic. (could change in future) ◦ Code has been released to wild…already seeing signs of alteration.
  • 14. 14©2016 ARBOR® CONFIDENTIAL & PROPRIETARY IoT Botnets Are Not New and On The Rise 4000 500 1000 3500 July 2014 April 2016 Aug 2016 100 1000 200 300 400 800 900 Oct 2016 MIRAI IOT BOTNET LIZARDSTRESSER IOT BOTNET TARGETS BRAZIL AttackSize(Gbps) 600 500 700 Targets were organizations affiliated with major international sporting events (e.g. gov’t, banks, sponsors, etc.). Pre-event activity Dyn OVH ? Who/What Next?
  • 15. 15©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ◦ Summer, 2016 – 540 Gbps attack on an organization associated with the Rio Olympics (Lizardstresser) ◦ September 20th – 620 Gbps attack targeting KrebsOnSecurity.com (Mirai) ◦ September 21st – 990 Gbps attack targeting OVH (Mirai) ◦ September 30th – Mirai source code leaked ◦ October 21st – Dyn’s Managed DNS Infrastructure Targeted (Mirai) ◦ October 31st – 600 Gbps attack on Liberia (Mirai) RECENT ATTACKS
  • 16. 16©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ◦ Embedded or stripped-down versions of Linux ◦ Easy to target a wide range of devices ◦ Limited security features ◦ Internet-accessible ◦ Unfettered outbound access ◦ Market Dynamics ◦ Extremely Low-margin Products not differentiated by security features ◦ Chip makers à ODM’s à Brand Company à End User ‒ No security expertise, No incentive for Security ◦ Result ◦ A large population of highly susceptible, high bandwidth devices that cannot or will not be patched or otherwise secured. WHY IoT DEVICES?
  • 17. 17©2016 ARBOR® CONFIDENTIAL & PROPRIETARY DEFAULT CREDENTIALS FOR IOT DEVICEShttps://krebsonsecurity.com/wp-content/uploads/2016/10/IoTbadpass-Sheet1.pdf
  • 18. 18©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Mirai – Propagation, Command and Control Bot (compromised) Telnet Scan (TCP/23) Brute Force 1 IoT Device ScanListen Service 2 Report: - Discovered IP - Successful Creds Telnet Port Scans TCP/48101 Already Compromised? Loader Install Bot Code 3 4 5 New Victim - IP - Creds C2 6 Check-In TCP/23
  • 19. 19©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Mirai – Propagation, Command and Control Bot (compromised) Telnet Scan (TCP/23) Brute Force 1 Bot (compromised) ScanListen Service 2 Report: - Discovered IP - Successful Creds Telnet Port Scans TCP/48101 Already Compromised? Loader Install Bot Code 3 4 5 New Victim - IP - Creds C2 6 Check-In TCP/23 Telnet Port Scans 7 And the beat goes on ...
  • 20. 20©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ◦ Predominantly Webcam IoT devices ◦ Approximately 500,000 devices worldwide ◦ High concentrations in China, Hong Kong, Macau, Vietnam, Taiwan, South Korea, Thailand, Indonesia, Brazil, and Spain ◦ Segmented Control ◦ Multi-Vector Attack Support: ◦ Krebs, OVH, Dyn, and Liberia ◦ Does not imply it was the same adversaries!!! THE MIRAI BOTNET
  • 21. 21©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ◦ Three Attacks Targeting Dyn’s Managed DNS Infrastructure ◦ Dyn Customers include ◦ Netflix, Twitter, Reddit, Github, Spotify, PayPal, Airbnb, NYT, etc. ◦ Large-scale outages for Dyn Customers, even though the customers were not attacked directly DYN ATTACKS ON OCTOBER 21ST
  • 22. 22©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ATLAS IoT Botnet tracking • Network of honeypots setup to monitor IoT compromise activities • Snapshots of activities from 29 Nov to 12 Dec 2016 • 1,027,543 login attempts from a total of 92,317 unique IP addresses • Peak login attempts per hour is 18,054
  • 23. 23©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ATLAS IoT Botnet tracking • Billions of IoT devices connected to the Internet – Estimates vary, 5B+, with millions added every day • Arbor honeypot devices look for exploit activity on Telnet / SSH ports • 1M login attempts from 11/29 to 12/12 from 92K unique IP addresses • More than 1 attempt per minute in some regions
  • 24. 24©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ATLAS IoT Botnet tracking Country Number of Attempts China 102,975 Vietnam 26,573 Republic of Korea 19,465 USA 17,062 Brazil 16,609 Russia 13,378 Taiwan 11,697 Hong Kong 11,200 Turkey 10,190 Romania 9,856
  • 25. 25©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ATLAS IoT Botnet tracking 0 2000 4000 6000 8000 10000 12000 14000 16000 18000 20000 28/11/2016 0:00 30/11/2016 0:00 2/12/2016 0:00 4/12/2016 0:00 6/12/2016 0:00 8/12/2016 0:00 10/12/2016 0:00 12/12/2016 0:00 14/12/2016 0:00 Login attempts per hour Sum Sum SSH Sum Telnet
  • 26. 26©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ATLAS IoT Botnet tracking 0 1000 2000 3000 4000 5000 6000 7000 28/11/2016 30/11/2016 2/12/2016 4/12/2016 6/12/2016 8/12/2016 10/12/2016 12/12/2016 14/12/2016 Login attempt per region APAC EU SA US
  • 27. 27©2016 ARBOR® CONFIDENTIAL & PROPRIETARY ◦ Multiple Highly Distributed Attack Vectors ◦ Dyn originally reported ”10s of millions of IP addresses” ◦ Later corrected to an estimate of 100,000 ◦ Cascading Effect ◦ 2nd Order Impact on Dyn customers ◦ DNS service disruption from original attack generates legitimate retry activity ‒ This is, in part, what caused Dyn to overreport the number of attacking IP’s ◦ 3rd Order Impact on Broadband Operators ◦ Mitigations Performed by Dyn According to Dyn: ◦ Traffic shaping, Anycast Rebalancing, ACL Filtering, Scrubbing Services ATTACK CHARACTERISTICS, EFFECTS, AND MITIGATIONS
  • 28. 28©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Telnet Traffic – IoT botnet growing
  • 29. 29©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Telnet Traffic by Country – Matches Attack SRC
  • 30. 30©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Source: Ponemon Institute: Dec. 2013, Cost of Data Center Outages ◦ On-premises Intelligent DDoS Mitigation Systems (e.g. Arbor APS / TMS products) ◦ Overlay cloud-based DDoS protection services (i.e. Arbor Cloud or ISP/MSSP) ◦ Network infrastructure- based techniques such as S/RTBH & Flowspec at all network edges 10 Best Practices in DDoS Defense ◦ Factor network availability into the design of online services or applications; continuously stress-test. ◦ Develop a DDoS Attack Mitigation Process ◦ Continuously stress-test & refine. ◦ Utilize flow telemetry (e.g. NetFlow) collection & analysis for attack detection, classification & trace back. Deploy multi-layered DDoS protection which includes: ◦ Scan for misconfigured, abusable services running on servers, routers, switches, home CPE devices, etc. (i.e. TCP 23/2323). Alert users running abusable services – possibly blocking until they are remediated. 1 2 3 4 5
  • 31. 31©2016 ARBOR® CONFIDENTIAL & PROPRIETARY Source: Ponemon Institute: Dec. 2013, Cost of Data Center Outages 10 Best Practices in DDoS Defense (cont’d) ◦ Participate in the global operational security community and share threat intelligence and defense best practices. ◦ Check Open NTP Project for abusable NTP services on your networks. ◦ Disallow Level 6/7 NTP queries from the Internet. ◦ Check Open Resolve Project for abusable open DNS recursors on your networks. Ensure only authorized users can query recursive DNS servers. ◦ Ensure SNMP is blocked on public-facing infrastructure/ servers. ◦ Employ Anti-spoofing mechanisms such as Unicast Reverse- Path Forwarding, ACLs, DHCP Snooping & IP Source Guard, Cable IP Source Verify, etc. on all edges of ISP and enterprise networks. NTP Services DNS Recursors 6 7 8 9 10
  • 32. 32©2016 ARBOR® CONFIDENTIAL & PROPRIETARY • Nearly half of SPs now implement anti-spoofing filters • Rehearsing DDoS attack processes and procedures is key • 10% increase in SPs running simulations, 37% do this quarterly • EGE 55% now run simulations, 40% do this quarterly • Difficulty in hiring and retaining personnel remains a key issue for both SP and EGE respondents SP WISR XII – Organization Security
  • 33. 33©2016 ARBOR® CONFIDENTIAL & PROPRIETARY For More Information …
  • 34. ©2016 ARBOR® CONFIDENTIAL & PROPRIETARY 34 Thank You