2011 Global Application
& Network Security Report
Emergency Response Team (ERT)
AGENDA

The ERT Report
Attack Motivation & Targets
The Multi Vector Attack Campaign
ERT Visibility Into Attacks

Radware’s ERT helps customers when they are under attack
•   “Free” access to network architecture & configurations

•   Unique visibility into what an attack actually looks like

•   Visibility into traffic distribution

•   Resource status of the network and the application components

•   Measures the impact of attacks and the network’s points of weakness

•   Lab research (Botnet lab)



ERT Sees Attacks in Real-time on a Daily Basis
The ERT Annual Report

The Report is Based on Two Sources
•   Survey sent to a wide variety of internet organizations
    in order to get responses that were vendor neutral and as
    objective as possible

•   Includes analysis of about 40 selected cases that were handled
    by Radware’s ERT




To download the full report, please visit:
http://www.radware.com/2011globalsecurityreport
AGENDA

The ERT Report
Attack Motivation & Targets
The Multi Vector Attack Campaign
Attackers Change in Motivation & Techniques
[Figure: attack risk plotted against time, 2001 to 2011. The motivation bands across the top read “Vandalism and Publicity”, “Financially Motivated”, “Hacktivism” and “Blending Motives”; the period labels are “Worms”, “DDoS”, “Blend”. Events recoverable from the figure, roughly in chronological order:]

•   CodeRed (2001)
•   Nimda (installed Trojan, 2001)
•   Slammer (attacking SQL sites, 2003)
•   Blaster (2003)
•   Agobot (DoS botnet)
•   Republican website DoS (2004)
•   Storm (botnet, 2007)
•   Rustock (botnet, 2007)
•   Estonia’s web sites DoS attacks (2007)
•   Srizbi (botnet)
•   Kracken (botnet)
•   Georgia web sites DoS (2008)
•   Cyber attacks on US & Korea (July 2009)
•   Google / Twitter (2009)
•   IMDDOS (botnet, 2010)
•   Operation Payback (Dec 2010)
•   Netbot DDoS (Mar 2011)
•   Peru, Chile (Mar 2011)
•   Codero DDoS / Twitter (Mar 2011)
•   Operation Payback II (Mar 2011)
•   Wordpress.com DDoS (Mar 2011)
•   LulzSec: Sony, CIA, FBI
Attacker’s Motivation (Survey)

Mainly for political reasons
•   Uses the power of masses of lay users who were not even
    fully aware of what the tools they downloaded were doing

•   In 2011: a trend toward more sophisticated attack campaigns that
    are also generated by the “inner-circle” …




Attack Sophistication in 2011

•   The attacks became more complex, with attackers using as many
    as five different attack vectors in a single “attack campaign”

•   Blending both network and application attacks in a single
    attack campaign

•   Vote on a target, select the most appropriate attack tools, advertise the
    campaign, invite anyone capable…

•   Attackers time the attack to the most painful period for the victim

•   Perform a short “proof-firing” prior to the attack

•   Tend to rely not just on volunteer participants but on the inner circle




AGENDA

The ERT Report
Attack Motivation & Targets
The Multi Vector Attack Campaign
Multi Vector Attack Campaign

    • Volumetric network level
    • Application level, encrypted
    • Low & Slow
    • Directed Application DoS
    • Intrusions
    • Web attacks (injections, XSS,…)




Network Vulnerability Points (Survey Results)

[Chart: survey results on network vulnerability points; the only label recoverable from the chart is “Stateful Devices”.]
The Server Isn’t Necessarily the 1st to Fail

Attackers also seem to understand that availability-based threats
are more likely to impact the firewall than the server.




When You Don’t Protect the Firewall

•   A leading online travel agency was hit by a massive HTTP page flood
•   More than 4,000 attackers pounded the site for three days with the aim of overloading it…

Actions:
1st – User-Agent filter on the Web servers … partial DoS
2nd – Attack mitigation device in front of the servers … partial DoS
3rd – Attack mitigation device in front of the firewall … 100% availability


[Chart: Firewall Resources Status]




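The case above turns on telling flood clients apart from real customers at the HTTP layer before anything is filtered. As an added example that is not Radware’s or the travel agency’s code, the Python below reads access-log lines in the common “combined” format, keeps a per-source sliding window of request timestamps, and reports every source that exceeds a per-window threshold together with the User-Agent strings and paths it used. The log lines, addresses, window size and threshold are constructed assumptions.

```python
"""HTTP page-flood triage over web-server access logs.

Added example (not Radware's code). Lines are parsed in the Apache/nginx
"combined" format; per source address a sliding window of timestamps is
kept and the peak number of requests seen inside that window is reported.
Lines are assumed to be in time order per source. All sample data below
is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it
    does not parse (malformed lines are skipped rather than trusted)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def find_flood_sources(lines, window_s=10, max_requests=20):
    """Return {ip: {"peak": n, "user_agents": set, "paths": set}} for every
    source that sent more than max_requests inside any window_s-second window."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peak = defaultdict(int)
    user_agents = defaultdict(set)
    paths = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts = rec["ip"], rec["ts"]
        window = recent[ip]
        window.append(ts)
        # drop timestamps that fell out of the window
        while (ts - window[0]).total_seconds() > window_s:
            window.popleft()
        peak[ip] = max(peak[ip], len(window))
        user_agents[ip].add(rec["ua"])
        parts = rec["req"].split(" ")
        if len(parts) >= 2:
            paths[ip].add(parts[1])
    return {
        ip: {"peak": peak[ip], "user_agents": user_agents[ip], "paths": paths[ip]}
        for ip in peak
        if peak[ip] > max_requests
    }


def build_sample_log():
    """Constructed sample: 30 requests from one address inside 5 seconds,
    plus three ordinary requests from another address spread over 20 s."""
    ua_flood = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    ua_user = "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0"
    lines = []
    for sec in range(5):
        for _ in range(6):
            lines.append(
                f'203.0.113.7 - - [10/Mar/2011:14:05:{sec:02d} +0000] '
                f'"GET /search?q=hotels HTTP/1.1" 200 5123 "-" "{ua_flood}"'
            )
    for sec in (0, 10, 20):
        lines.append(
            f'198.51.100.2 - - [10/Mar/2011:14:05:{sec:02d} +0000] '
            f'"GET /index.html HTTP/1.1" 200 2048 "-" "{ua_user}"'
        )
    return lines


if __name__ == "__main__":
    for ip, info in find_flood_sources(build_sample_log()).items():
        print(ip, info["peak"], sorted(info["user_agents"]), sorted(info["paths"]))
```

The User-Agent summary is what a first-response User-Agent filter, like step 1 above, depends on: it can only help while the flood’s clients advertise a string that real visitors do not. The per-source rate is the figure a mitigation device acts on regardless of what the client claims to be. To run this on a real log, replace `build_sample_log()` with the lines of the file and tune `window_s` and `max_requests` against a baseline taken during normal traffic.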
Low and Slow Tools & Trends

•   “Low & Slow” attacks are gaining attention!
•   Tools such as Slowloris and Sockstress have been able to
    exploit design weaknesses at a very low request rate
•   R.U.D.Y. – a new tool that can attack any website




Low and Slow Tools & Trends

THC-SSL-DoS
•   This tool allows a single computer to knock web servers offline by targeting a
    well-known weakness in Secure Sockets Layer implementations.

•   An “asymmetric attack”: a single client request can cause the server to invest
    up to 15 times more resources




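Both the Low & Slow tools of the previous slide and THC-SSL-DoS show up in a server’s connection table rather than in a bandwidth graph, which is why volumetric thresholds miss them. As an added example that is not Radware’s code nor any of the tools’ code, the Python below triages a list of connection records (constructed here) for the two patterns: a source holding many long-lived connections that trickle bytes without ever completing a request, which is how Slowloris and R.U.D.Y. tie up worker slots, and a TLS connection that renegotiates far more often than any client needs to, which is the lever THC-SSL-DoS uses to make the server do the asymmetric work. The record fields, thresholds and addresses are assumptions.

```python
"""Connection-table triage for low-and-slow and TLS-renegotiation patterns.

Added example (not Radware's or the tools' code). Input is a list of
connection records of the kind a server or mitigation device can export;
the records built below are constructed samples.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    src: str                  # client address
    age_s: float              # seconds the connection has been open
    bytes_in: int             # bytes received from the client so far
    request_complete: bool    # has a full request ever been received?
    renegotiations: int = 0   # TLS renegotiations observed on this connection


def low_and_slow_sources(conns, min_age_s=60, max_rate_bps=50, min_conns=10):
    """Sources holding at least min_conns connections that are older than
    min_age_s, never completed a request, and averaged at most max_rate_bps
    from the client. Assumed thresholds; tune against a normal baseline."""
    suspects = defaultdict(int)
    for c in conns:
        if c.request_complete or c.age_s < min_age_s:
            continue
        if c.bytes_in / c.age_s <= max_rate_bps:
            suspects[c.src] += 1
    return {src: n for src, n in suspects.items() if n >= min_conns}


def renegotiation_abusers(conns, max_reneg_per_s=1.0):
    """Connections whose TLS renegotiation rate exceeds max_reneg_per_s.
    A browser renegotiates rarely, so even one per second is far above normal."""
    return [c for c in conns
            if c.age_s > 0 and c.renegotiations / c.age_s > max_reneg_per_s]


def build_sample_table():
    """Constructed connection table mixing attack patterns with normal clients."""
    conns = []
    # 25 connections from one source, open 120 s, headers trickling at 5 B/s,
    # none ever finished a request: the Slowloris / R.U.D.Y. shape
    for _ in range(25):
        conns.append(Conn("203.0.113.9", 120.0, 600, False))
    # ordinary browsing: short connections that completed their requests
    for i in range(15):
        conns.append(Conn(f"198.51.100.{i + 1}", 2.0, 800, True))
    # a long idle keep-alive connection from a real client: must not be flagged
    conns.append(Conn("198.51.100.50", 300.0, 1200, True))
    # one TLS connection that renegotiated 300 times in 30 s: the THC-SSL-DoS shape
    conns.append(Conn("203.0.113.20", 30.0, 4000, False, renegotiations=300))
    return conns


if __name__ == "__main__":
    table = build_sample_table()
    print("low & slow sources:", low_and_slow_sources(table))
    print("renegotiation abusers:", [c.src for c in renegotiation_abusers(table)])
```

The idle keep-alive record in the sample is there to show why the checks look at completed requests and byte rate rather than connection age alone. The server-side mitigations that pair with this detection are request header and body timeouts (Apache’s mod_reqtimeout, nginx’s `client_header_timeout` and `client_body_timeout`) and refusing client-initiated TLS renegotiation.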
Attack Impact – “Size Doesn’t Matter”

[Two charts. Left: attack “size” against impact level (Low to High) per attack category: HTTP “floods” (app-based), UDP (brute force), TCP connection (connection-based). Right: attack “size” in a real-case attack campaign, by category: HTTP flood, DNS flood, TCP connection.]
Multi Vector Attack Campaign – Advanced Tools

•   In the post-LOIC period, Anonymous is not depending on mass user
    participation for its attacks, in order to protect its supporters from the
    legal actions that several countries are already enforcing


•   To compensate for LOIC, Anonymous is focusing on its inner-circle
    hacking activities, which include the development of tools such as #refref that
    rely on exploiting software vulnerabilities rather than brute force attacks…
    acting as an advanced persistent threat (APT)…




Recommendations

•   Be Prepared for DoS / DDoS Attacks
•   Be Wary of Complimentary DoS/DDoS Protection
•   Collect information about attacks such as type, size and frequency;
    use the right measure
•   Position Your DoS/DDoS Mitigation Solution Properly
•   Ensure Your DoS/DDoS Mitigation Solution Encompasses
    Many Technologies
•   Have a Consolidated or “Context Aware” View into Enterprise Security
•   Invest in Education and Develop Good Internal Security Policies




Thank You
www.radware.com
