Date post: | 18-Dec-2015 |
Upload: | sharleen-roberts |
Akamai Confidential ©2011 Akamai
In the Cloud Security: Highlighting the Need for Defense-in-Depth
R. H. Powell IV, CISSP
Director, Government Solutions
W: 703.621.4029
M: 703.867.5899
Headlines You May Have Seen
Online attack hits US government Web sites (7 Jul 09)
Twitter DDoS Attack Politically Motivated, Says Report (7 Aug 09)
With botnets everywhere, DDoS attacks get cheaper (15 Oct 09)
Hacker grinches launch DDoS attack against Amazon (29 Dec 09)
Carriers and ISPs fear rise in DDoS attacks in 2010 (20 Jan 10)
Chinese Human Rights Sites Hit by DDoS Attack (25 Jan 10)
Chinese ISP Momentarily hijacks the Internet (again) (8 Apr 10)
The Internet Goes to War (14 Dec 10)
Anonymous Launches DDoS Attacks on Sony (06 Apr 11)
Biggest Series of Cyber-Attacks in History Uncovered (03 Aug 11)
Hackers Target Mexico Government Websites (15 Sep 11)
Anonymous Threatens to ‘Erase NYSE from the Internet’ (3 Oct 11)
LulzSec Hacker Group Claims Attack on US Senate Website (5 Oct 11)
Canadian ISP Website – SQL Injection Vulnerability (5 Oct 11)
Headlines You DID NOT See
President Delays Trip Due to Cyber Attacks
Independence Day Attacks Paralyze the U.S.
Financial & Government Websites Attacked and Taken Down: Stocks Show Concerns
The Threat is Real
DDoS is the #1 Preferred Method of Attack (TrustWave 2011)
74% of surveyed companies experienced one or more DDoS attacks in the past year, 31% of these attacks resulting in service disruption – Forrester Research
LulzSec, Anonymous declare war on government websites: Hacker groups call for stealing, leaking classified information (By Kevin McCaney, Jun 20, 2011)
Akamai Attack Trends in 2011
Total DDoS attack volume against Akamai customers is growing 100% 2010 – 2011
Average attack sizes are in the 3-10 Gbps range
Attacks are originating from all geographies and are moving between geographies during the attack
[Chart: Akamai DDoS Attack Trend Data, 2009-2011. 2011 volume is projected based on actuals through September.]
The Akamai network saw more DDoS attacks in the fourth quarter of 2010 than in the first three quarters of the year combined – Tom Leighton, Chief Scientist, Akamai Technologies
Why?
Extortion / Theft
Political Hacktivism
State Sponsored
Traditional Hackers: Glory Hounds
July 4th DDoS Attack Timeline
Distributed, Agile and Multi-Phased Attack
“The first list had only five targets — all U.S. government sites. A second list used by the malware on July 6 had 21 targets, all U.S. government and commercial sector sites, including e-commerce and media sites. A list on the 7th switched out some of the U.S. sites for ones in South Korea. …” - Joe Stewart, director of malware research at SecureWorks
“While Treasury Department and Federal Trade Commission Web sites were shut down by the software attack, which lasted for days over the holiday weekend, others such as the Pentagon and the White House were able to fend it off with little disruption” -- New York Times
Akamai Provides Customers the Ability to “Fight Through” the Attack!
All Targeted Applications on the Akamai Platform Remained Available. All Targeted Applications not on the Akamai Platform were Rendered Unavailable.
Protected Akamai Customers from Effects
Absorbed: 1M+ Hps; 200+ Gbps; 300k+ Attack IPs
Denied the Attacker - Effects on Targets
Maintained Customer Brand Integrity
Provided Near Real-Time SA & Alerting
Provided Analysis to US Cyber Officials
Oct 5, 2011: Vulnerability Scanning Shut Down
- Scanning triggers alerts
- Offending requests are identified and denied <4hrs
Holiday Season 2010 – DDoS Attacks
Attacked eCommerce Web Sites Protected by Akamai
PROTECTED
| Customer | Times Above Normal Traffic | Peak Attack Time (GMT) |
| Customer #1 | 9,095x | 11/30 2PM |
| Customer #2 | 5,803x | 12/1 2PM |
| Customer #3 | 3,115x | 11/30 2PM |
| Customer #4 | 2,874x | 12/1 1PM |
| Customer #5 | 1,807x | 12/1 1PM |
Highly distributed international DDoS attacks from Asia-Pac, South America and Middle East
[Figure panels: Customer 1, Customer 2, Customer 3]
Averted $15M in Lost Revenue
Customer Telemetry – Q2 2011 During LOIC Attacks
Average response time during attack: 0.87 seconds.
Availability during the LOIC attack: 100%
Bitcoin
Let’s hold somebody ransom (the actual ransom note)
Your site www.#####.de will be subjected to DDoS attacks 100 Gbit/s.
Pay 100 btc(bitcoin) on the account
1ACFJHoB8Z3KDwDn6XdNTEJb6S7VsQiLZG
Do not reply to this email
BitCoin – The attack
Akamai’s response
FBI Attack Warning
The Tip ->
The Response ->
The Result ->