In the Line of Fire –
the Morphology of
Cyber-Attacks

Bob Simpson
Vice President
BobS@Radware.com



April 2013




                        Radware Confidential Jan 2012
AGENDA
Radware's Twitter handle: @radware
Hashtag for this presentation: #Radware
Availability-based threats

Attacks on the US banks

Other popular attack patterns & trends
Attacker's Change in Motivation & Techniques

[Timeline chart, 2001 to 2011, attack risk vs. time. Motivation shifts from "Vandalism and Publicity" (2001-2005) through "Financially Motivated" (2005-2010) to "Hacktivism" and blended motives (2010 onward).]

  - 2001: CodeRed and Nimda worms (Nimda installed a Trojan)
  - 2003: Blaster worm; Slammer (attacking SQL sites)
  - 2004: Republican website DoS
  - Agobot (DoS botnet)
  - 2007: Storm and Rustock botnets; DoS attacks on Estonia's web sites
  - 2008: DoS attacks on Georgia web sites
  - 2009: Srizbi (botnet); Kracken (botnet); July 2009 cyber attacks on the US and Korea; Google / Twitter DoS
  - 2010: IMDDOS botnet (Peru, Chile); Dec 2010 Netbot, Operation Payback DDoS
  - Mar 2011: LulzSec (Sony, CIA, FBI); Codero DDoS / Twitter; Operation Payback II; Wordpress.com DDoS ("Blend")

© 2011, Radware, Ltd.
The Security Trinity

Confidentiality, a mainstream adaptation of the "need to know" principle of the military ethic, restricts access to information to those systems, processes and recipients to which the content was intended to be exposed.

Integrity, in its broadest meaning, refers to the trustworthiness of information over its entire life cycle.

Availability is the property that information and the systems that serve it remain reachable and usable when they are needed; it is lost when the functions that provide it cease (an outage, an attack) or were never there.
Availability Based Attacks

Availability-based Threats
  - Network Floods (Volumetric)
  - Application Floods
  - Low-and-Slow
  - Single-packet DoS
2012 Attack Motivation - ERT Survey
[chart]

Radware ERT Survey
[chart]

2012 Target Trend - ERT Survey
[chart]

Attack Campaigns Duration
[chart]

Attack Duration Requires IT to Develop New Skills
War Room Skills Are Required

Main Bottlenecks During DoS Attacks - ERT Survey
[chart]

Attacks Traverse CDNs (Dynamic Object Attacks)
[diagram]
AGENDA
2012 Availability-based threats

Attacks on the US banks

Other popular attack patterns & trends
"Overview"

•   What triggered the recent US attacks?
•   Who was involved in carrying out the attacks, and what was the name of the operation?
•   How long did the attacks last and how many attack vectors were involved?
•   How the attacks work and their effects.
•   How can we prepare ourselves for the future?
"What triggered the attacks on the US banks?"

•   Nakoula Basseley Nakoula (alias "Sam Bacile"), an Egyptian-born US resident, created an anti-Islam film.
•   In early September 2012 the publication of the 'Innocence of Muslims' film on YouTube provoked demonstrations throughout the Muslim world.
•   The video was 14 minutes long, though a full-length movie was released.
"Protests Generated by the Movie"
[photos]

The Cyber Response
"Who is the group behind the cyber response?"

•   A hacker group calling itself the "Izz as-Din al-Qassam Cyber Fighters".
•   Izz as-Din al-Qassam was a famous Muslim preacher who led the fight against the French, the British and the Zionists in the 1920s and 1930s.
•   The group claims not to be affiliated with any government or with Anonymous.
•   The group claims to be independent, and its stated goal is to defend Islam.
"Operation Ababil launched!"

•   "Operation Ababil" is the codename of the operation launched on September 18th 2012 by the group "Izz as-Din al-Qassam Cyber Fighters".
•   The attackers announced they would attack "American and Zionist targets".
•   "Ababil" translates to "swallow" (the bird) from Persian. To this day, the US suspects that the Iranian government may be behind the operation.
•   The operation's stated goal is to have YouTube remove the anti-Muslim film from its site. To date the video has not been removed.
The Attack Vectors and Tactics!
"Initial attack campaign in phases"

•   The attack campaign was split into phases; a public announcement was made before each one.
•   The initial attacks lasted 10 days, from the 18th until the 28th of September.
•   Phase 1 - Targets: NYSE, Bank of America, JPMorgan Chase.
•   Phase 2 - Targets: Wells Fargo, U.S. Bank, PNC.
•   Phase 3 - Targets: PNC, Fifth Third Bancorp, JPMorgan Chase, U.S. Bank, Union Bank, Bank of America, Citibank, BB&T and Capital One.
"Attack Vectors"

•    Five attack vectors were seen by the ERT team during Operation Ababil, plus the use of booter services:
1.   UDP garbage flood.
2.   TCP SYN flood.
3.   Mobile LOIC (Apache Killer version).
4.   HTTP request flood.
5.   ICMP reply flood (reported, but not confirmed by the ERT).
6.   Booters.

*Note: Data is gathered by Radware as well as its partners.
Booters

A booter is a tool or service used for taking down ("booting off") websites and servers.

Booters bundle high-volume (server-based) floods and slow-rate attack vectors as a one-stop shop.
"UDP Garbage Flood"

•   Targeted the organizations' DNS servers, and also HTTP.
•   1 Gbps+ in volume.
•   All attacks were identical in content and in size (packet structure).
•   UDP packets sent to ports 53 and 80.
•   Customer attacked on Sep 18th and again on the 19th.

"Tactics used in the UDP garbage flood"

•   Internal DNS servers were targeted, at a high rate.
•   Web servers were also targeted, at a high rate.
•   Spoofed source IPs, but only a handful of them, which is unusual.
•   ~1 Gbps.
•   Lasted more than 7 hours initially, and still continues...

Packet structure

    Parameter          Value, port 53             Value, port 80
    Packet size        1358 bytes                 Unknown
    Garbage payload    'A' (0x41) repeated        "/http1" (0x2f 0x68 0x74 0x74 0x70 0x31), repeated
"DNS Garbage flood packet extract"

•   Some reports that a DNS reflection attack was underway appear to be incorrect.
•   The packets are "malformed" DNS packets: the payload carries no valid DNS header.
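The two slides above give enough of the packet structure to write a classifier for this flood: a payload on UDP/53 that does not parse as a DNS query and consists of one byte repeated, and a payload on UDP/80 that is the string "/http1" repeated. The following is an added example, not code from the Radware deck; it uses only the packet facts the slides give, and the sample datagrams (a well-formed query for example.com, 1358 bytes of 0x41, "/http1" x 200) are constructed, not captured from the attack.

```python
"""Classify UDP payloads on ports 53 and 80 against the garbage-flood
signature described on the preceding slides.

Added example, not code from the Radware deck. It uses only the packet
facts the slides give (1358 bytes of 0x41 on UDP/53, the string "/http1"
repeated on UDP/80, no valid DNS header); the sample datagrams below are
constructed, not captured from the attack.
"""
import struct
from collections import Counter
from typing import Iterable, List, Optional, Tuple

# RFC 1035 fixed header: id, flags, qdcount, ancount, nscount, arcount
DNS_HEADER = struct.Struct("!HHHHHH")


def looks_like_dns_query(payload: bytes) -> bool:
    """True if the payload parses as a plausible DNS query.

    Checks the 12-byte header (QR=0, a defined opcode, exactly one question,
    no answer/authority records) and walks the QNAME labels up to QTYPE and
    QCLASS. Byte fill such as 0x41 repeated fails these checks.
    """
    if len(payload) < DNS_HEADER.size:
        return False
    _txid, flags, qdcount, ancount, nscount, _arcount = DNS_HEADER.unpack_from(payload)
    qr = flags >> 15
    opcode = (flags >> 11) & 0xF
    if qr != 0 or opcode not in (0, 1, 2) or qdcount != 1 or ancount or nscount:
        return False
    pos = DNS_HEADER.size
    while True:                      # QNAME: length-prefixed labels, 0 terminates
        if pos >= len(payload):
            return False
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            return False
        pos += length
    return pos + 4 <= len(payload)   # room for QTYPE and QCLASS


def repeated_fill(payload: bytes, max_period: int = 16) -> Optional[int]:
    """Shortest period (1..max_period) if the payload is one pattern repeated
    end to end, else None. Period 1 catches 0x41 fill; period 6 catches "/http1"."""
    n = len(payload)
    for period in range(1, max_period + 1):
        if n < 2 * period:
            break
        unit = payload[:period]
        if payload == (unit * (n // period + 1))[:n]:
            return period
    return None


def classify_udp_payload(dst_port: int, payload: bytes) -> str:
    """Label one UDP datagram. Labels are this example's own:
    dns-query | dns-garbage | dns-malformed | http-garbage | garbage | unknown."""
    period = repeated_fill(payload)
    if dst_port == 53:
        if looks_like_dns_query(payload):
            return "dns-query"
        return "dns-garbage" if period is not None else "dns-malformed"
    if dst_port == 80 and period == 6 and payload.startswith(b"/http1"):
        return "http-garbage"
    return "garbage" if period is not None else "unknown"


def build_dns_query(name: str = "example.com", txid: int = 0x1234) -> bytes:
    """Constructed, well-formed A query used as the benign comparison case."""
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return DNS_HEADER.pack(txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)


# Constructed samples modelled on the deck's packet-structure table.
SAMPLE_DATAGRAMS: List[Tuple[int, bytes]] = [
    (53, build_dns_query()),
    (53, b"A" * 1358),               # 0x41 fill, 1358 bytes, as reported on UDP/53
    (80, b"/http1" * 200),           # "/http1" repeated, as reported on UDP/80
    (80, b"GET / HTTP/1.1\r\n"),     # stray, non-repetitive payload for contrast
]


def summarize(datagrams: Iterable[Tuple[int, bytes]]) -> Counter:
    """Count labels over a batch of (dst_port, payload) pairs."""
    return Counter(classify_udp_payload(port, data) for port, data in datagrams)


if __name__ == "__main__":
    for port, data in SAMPLE_DATAGRAMS:
        print(f"udp/{port} len={len(data):5d} -> {classify_udp_payload(port, data)}")
    print(dict(summarize(SAMPLE_DATAGRAMS)))
```

The header check is what separates this flood from a genuine reflection attack: reflected DNS traffic arrives as well-formed responses (QR=1) from real resolvers, whereas this payload fails at the first header field. Pair the classifier with a per-source counter before acting on it, since a single malformed datagram is not evidence of an attack.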
"Attackers' objective of the UDP garbage flood"

•   Saturate bandwidth.
•   The attack passes through the firewall, since the port is open.
•   Saturate session tables / CPU resources on any stateful device: L4 routing rules on any router, firewall session tables, etc.
•   Returning ICMP type 3 (destination unreachable) messages further saturate upstream bandwidth.
•   All combined, this leads to a DoS condition if bandwidth and infrastructure cannot handle the volume or the packet-processing load.
"TCP SYN flood"

•   Targeted ports 53, 80 and 443.
•   The rate was around 100 Mbps, at around 135K PPS.
•   This lasted for more than 3 days.

"SYN flood packet extract"

-   All sources are spoofed.
-   Multiple SYN packets to port 443.

"Attackers' objective of the TCP SYN floods"

•   SYN floods are a well-known attack vector.
•   Can be used to distract from more targeted attacks.
•   If a SYN flood slips through, it can quickly devastate stateful devices by filling up their session tables.
•   Every stateful device suffers some performance impact under such a flood.
•   Easy to implement.
•   An incorrect network architecture will quickly run into problems.
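The slides explain the damage (spoofed SYNs fill the half-open session table) but not the standard defence. SYN cookies remove the table entirely: the server encodes the handshake state into its initial sequence number and stores nothing until the client's final ACK echoes a valid cookie back, which a spoofed source never can. The following is an added example, not code from the Radware deck and not mentioned on the slides; the 5/3/24-bit layout follows the Linux kernel scheme in simplified form, and the secret key, addresses and MSS table are made up for the example.

```python
"""SYN cookies: answering a SYN flood without a session-table entry.

Added example, not code from the Radware deck. The slides' point is that
a spoofed SYN flood fills the half-open connection table of any stateful
device. The standard countermeasure, not covered on the slides, is to
encode the handshake state into the server's initial sequence number and
keep nothing until the client's ACK echoes it back. The 5/3/24-bit layout
follows the Linux scheme in simplified form; key, addresses and MSS table
are made up for the example.
"""
import hashlib
import hmac
import ipaddress
from typing import Optional

MSS_TABLE = (536, 1300, 1440, 1460)     # encodable MSS values, index fits in 3 bits
SLOT_SECONDS = 64                       # cookie time counter granularity
MAX_SLOT_AGE = 1                        # also accept cookies minted in the previous slot
SECRET = b"example-key-rotate-in-production"   # constructed secret


def _slot(now: float) -> int:
    return int(now // SLOT_SECONDS)


def _mac24(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
           client_isn: int, slot: int, mss_idx: int) -> bytes:
    """24-bit keyed MAC over the 4-tuple, the client's ISN, the time slot
    and the MSS index: everything the server would otherwise have to store."""
    msg = (ipaddress.ip_address(src_ip).packed + src_port.to_bytes(2, "big")
           + ipaddress.ip_address(dst_ip).packed + dst_port.to_bytes(2, "big")
           + client_isn.to_bytes(4, "big") + slot.to_bytes(8, "big") + bytes([mss_idx]))
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_syn_cookie(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
                    client_isn: int, client_mss: int, now: float) -> int:
    """Server ISN to put in the SYN-ACK: 5 bits slot | 3 bits MSS idx | 24 bits MAC.
    Nothing is stored; a spoofed SYN costs one MAC computation and one packet."""
    mss_idx = 0
    for i, mss in enumerate(MSS_TABLE):
        if mss <= client_mss:
            mss_idx = i
    slot = _slot(now)
    mac = int.from_bytes(_mac24(src_ip, src_port, dst_ip, dst_port, client_isn, slot, mss_idx), "big")
    return ((slot & 0x1F) << 27) | (mss_idx << 24) | mac


def check_syn_cookie(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
                     ack_seq: int, ack_num: int, now: float) -> Optional[int]:
    """Validate the handshake's final ACK. ack_seq is the client's SEQ (ISN+1),
    ack_num acknowledges the server ISN+1, so the cookie is ack_num-1.
    Returns the negotiated MSS for a genuine, fresh cookie, else None."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    client_isn = (ack_seq - 1) & 0xFFFFFFFF
    slot5, mss_idx, mac = cookie >> 27, (cookie >> 24) & 0x7, (cookie & 0xFFFFFF).to_bytes(3, "big")
    if mss_idx >= len(MSS_TABLE):
        return None
    current = _slot(now)
    for age in range(MAX_SLOT_AGE + 1):
        slot = current - age
        if (slot & 0x1F) != slot5:
            continue
        expected = _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, slot, mss_idx)
        if hmac.compare_digest(mac, expected):
            return MSS_TABLE[mss_idx]
    return None   # forged, replayed from another 4-tuple, or too old


if __name__ == "__main__":
    now = 1_000_000.0
    # 135K spoofed SYNs per second (the rate on the slide): all answered, none remembered.
    for i in range(135_000):
        make_syn_cookie(f"203.0.113.{i % 250 + 1}", 1024 + i % 60000, "198.51.100.1", 443, i, 1460, now)
    # A real client completes the handshake.
    cookie = make_syn_cookie("203.0.113.10", 40000, "198.51.100.1", 443, 0x11223344, 1460, now)
    print("genuine ACK ->", check_syn_cookie("203.0.113.10", 40000, "198.51.100.1", 443,
                                             0x11223345, cookie + 1, now + 10))
    print("forged ACK  ->", check_syn_cookie("203.0.113.10", 40000, "198.51.100.1", 443,
                                             0x11223345, (cookie ^ 1) + 1, now + 10))
```

The price of statelessness is visible in the layout: TCP options other than MSS are lost because only 3 bits are available for them, and the 24-bit MAC means an attacker who can send about 2^24 ACKs per time slot per 4-tuple has a fair chance of one landing. Production stacks therefore enable cookies only once the real backlog overflows, which is the behaviour the slide's "stateful devices" lack.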
"Mobile LOIC (Apache Killer version)"

•   Mobile LOIC (Low Orbit Ion Cannon) is a DDoS tool written in HTML and JavaScript.
•   The tool performs an HTTP GET flood.
•   We have no statistics on the exact traffic volume generated by Mobile LOIC.

*Suspected

"Mobile LOIC in a web browser"
[screenshot]
"HTTP Request Flood"

•   Between 80K and 100K TPS (transactions per second).
•   Port 80.
•   Followed the same pattern in the GET request (except for the input parameter).
•   Dynamic user agent.

"HTTP flood packet structure"

•   Sources worldwide (the true sources are most likely hidden).
•   User-Agent header duplicated.
•   Dynamic input parameters.

GET request parameters
[packet capture]

"Attackers' objective of the HTTP flood"

•   Bypass CDN caching by randomizing the input parameter and the user agent.
•   The duplicated User-Agent header points to a flaw in the programming of the attack tool.
•   Saturate and exhaust web server resources by keeping session tables and web server connection limits occupied.
•   The attack takes more resources to carry out than non-connection-oriented attacks such as TCP SYN floods and UDP garbage floods, because a TCP connection must be established.
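The three HTTP flood slides describe two properties a defender can measure from the request stream alone: a query parameter whose value is different on almost every request to the same path (cache busting against the CDN), and a User-Agent header that appears twice in one request (the tool bug). The profiler below is an added example, not code from the Radware deck; the request samples are constructed to match the slides' description, and the host name, path, parameter name and thresholds are assumptions of this example.

```python
"""Profile HTTP GET floods that randomize a query parameter and the
User-Agent to defeat CDN caching, and that carry a duplicated User-Agent
header (the tool bug noted on the slide).

Added example, not code from the Radware deck. The request samples are
constructed to match the slide's description; host names, paths, parameter
name and thresholds are this example's assumptions.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple
from urllib.parse import parse_qsl, urlsplit


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request head into method, path, query params and
    a header list. Duplicates are kept on purpose: a dict would hide them."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    url = urlsplit(target)
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return {"method": method, "path": url.path,
            "params": parse_qsl(url.query, keep_blank_values=True), "headers": headers}


def duplicated_headers(req: dict) -> Set[str]:
    """Header names that occur more than once in one request."""
    counts = Counter(name for name, _ in req["headers"])
    return {name for name, c in counts.items() if c > 1}


def profile_paths(raw_requests: List[str], min_requests: int = 5,
                  cache_bust_threshold: float = 0.8) -> Dict[str, dict]:
    """Per path: how many requests, which parameter varies the most and how
    close its distinct-value count comes to one-per-request (cache busting),
    and what share of requests carry a duplicated User-Agent."""
    by_path: Dict[str, List[dict]] = defaultdict(list)
    for raw in raw_requests:
        req = parse_request(raw)
        by_path[req["path"]].append(req)
    findings = {}
    for path, reqs in by_path.items():
        n = len(reqs)
        values: Dict[str, Set[str]] = defaultdict(set)
        for req in reqs:
            for key, value in req["params"]:
                values[key].add(value)
        param, distinct = max(values.items(), key=lambda kv: len(kv[1]), default=(None, set()))
        cache_bust_ratio = len(distinct) / n
        dup_ua_ratio = sum("user-agent" in duplicated_headers(r) for r in reqs) / n
        user_agents = {v for r in reqs for k, v in r["headers"] if k == "user-agent"}
        findings[path] = {
            "requests": n,
            "cache_bust_param": param,
            "cache_bust_ratio": round(cache_bust_ratio, 2),
            "dup_user_agent_ratio": round(dup_ua_ratio, 2),
            "distinct_user_agents": len(user_agents),
            "suspicious": n >= min_requests and cache_bust_ratio >= cache_bust_threshold,
        }
    return findings


# Constructed traffic: eight flood requests with a randomized "id" and a
# duplicated User-Agent, then three ordinary requests.
_FLOOD_UAS = ["Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0",
              "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8) AppleWebKit/536.26",
              "Mozilla/5.0 (X11; Linux i686) Chrome/23.0.1271.97"]


def _flood_request(i: int) -> str:
    ua = _FLOOD_UAS[i % len(_FLOOD_UAS)]
    return (f"GET /index.php?id=9f{i:04x} HTTP/1.1\r\nHost: bank.example\r\n"
            f"User-Agent: {ua}\r\nUser-Agent: {ua}\r\nAccept: */*\r\n\r\n")


SAMPLE_REQUESTS = [_flood_request(i) for i in range(8)] + [
    "GET /index.php?id=7 HTTP/1.1\r\nHost: bank.example\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1) Firefox/18.0\r\n\r\n",
    "GET /index.php?id=7 HTTP/1.1\r\nHost: bank.example\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1) Firefox/18.0\r\n\r\n",
    "GET /news HTTP/1.1\r\nHost: bank.example\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1) Firefox/18.0\r\n\r\n",
]

if __name__ == "__main__":
    for path, info in profile_paths(SAMPLE_REQUESTS).items():
        print(path, info)
```

The duplicated header is the cheap, exact signal and is worth a dedicated rule for as long as the tool has the bug; the cache-bust ratio is the durable one, since any flood that wants to reach the origin through a CDN has to vary something the cache keys on. Legitimate pages with per-user parameters will push the ratio up too, so tune the threshold per path rather than globally.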
"Identified locations of attacking IPs"

Worldwide!
[map]
AGENDA
2012 Availability-based threats

Attacks on the US banks

Other 2012 popular attack patterns & trends
Availability-based Threats Tree

Availability-based Threats
  - Network Floods (Volumetric): ICMP flood, UDP flood, SYN flood
  - Application Floods: Web flood, DNS, SMTP, HTTPS
  - Low-and-Slow
  - Single-packet DoS
Asymmetric Attacks
HTTP Reflection Attack

[Diagram: the attacker plants content on Website A; the browsers of Website A's visitors send HTTP GET requests to Website B (the victim).]

HTTP Reflection Attack Example

[Diagram: a hidden iframe (width=1, height=1) embedded in Website A points at a dynamic page, search.php, on the victim site.]
HTTPS - SSL Renegotiation Attack

THC-SSL-DOS
THC-SSL-DOS was developed by a hacking group called The Hacker's Choice (THC) as a proof of concept to encourage vendors to patch a serious SSL vulnerability. THC-SSL-DOS, like other "low and slow" attacks, requires only a small number of packets to cause denial of service for a fairly large server. It works by initiating a regular SSL handshake and then immediately requesting renegotiation of the encryption key, repeating this server-resource-intensive renegotiation request until all server resources have been exhausted. The practical fix is to disable client-initiated renegotiation on the server, which current TLS stacks allow.
Low & Slow

•   Slowloris
•   Sockstress
•   R.U.D.Y.
•   Simultaneous Connection Saturation
R.U.D.Y. (R-U-Dead-Yet?)

R.U.D.Y. (R-U-Dead-Yet?) is a slow-rate HTTP POST (Layer 7) denial-of-service tool created by Raviv Raz and named after the Children of Bodom album "Are You Dead Yet?". It achieves denial of service through long form-field submissions: by injecting one byte of data into an application POST field at a time and then waiting, R.U.D.Y. causes application threads to wait for the end of never-ending POSTs before they can process anything (this patience is necessary so that web servers can support users with slow connections). Since R.U.D.Y. causes the target web server to hang while waiting for the rest of an HTTP POST request, by opening many simultaneous connections to the server the attacker is ultimately able to exhaust the server's connection table and create a denial-of-service condition.
Slowloris

Slowloris is a denial-of-service (DoS) tool developed by the grey-hat hacker "RSnake" that causes DoS by using a very slow HTTP request. By sending HTTP headers to the target site in tiny chunks as slowly as possible (waiting to send the next chunk until just before the server would time out the request), the server is forced to keep waiting for the headers to arrive. If enough connections are opened to the server in this fashion, it quickly becomes unable to handle legitimate requests. Slowloris is cross-platform, except that because of Windows' ~130 simultaneous socket limit it is only effective from UNIX-based systems, which allow more connections to be opened in parallel to a target server (although a GUI Python version of Slowloris dubbed PyLoris was able to overcome this limitation on Windows).
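Both R.U.D.Y. and Slowloris work because a server that only resets an idle timer on every received byte will hold a connection slot for as long as the client keeps trickling. The countermeasure is a per-phase read deadline that a trickle cannot extend. The policy below is an added example, not code from the deck or from either tool; it mirrors the semantics of Apache's mod_reqtimeout RequestReadTimeout directive (an initial allowance, extended by one second per MinRate bytes, capped at a maximum), and the arrival patterns are constructed to match the behaviour the two slides describe.

```python
"""Per-connection read-timeout policy against Slowloris- and R.U.D.Y.-style
requests.

Added example, not code from the deck or from the tools it names. The
policy mirrors the semantics of Apache's mod_reqtimeout RequestReadTimeout
directive (an initial allowance, extended by one second for every MinRate
bytes received, capped at a maximum). The arrival patterns are constructed
to match the behaviour the slides describe: one header every few seconds
for Slowloris, one POST body byte at a time for R.U.D.Y.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Event = Tuple[float, int]          # (seconds since accept, bytes received)
Decision = Tuple[str, float]       # ("accept" | "drop", time of decision)


@dataclass(frozen=True)
class ReadTimeoutPolicy:
    initial: float   # seconds granted when the phase (headers or body) starts
    maximum: float   # hard cap on how long the phase may take
    min_rate: int    # every min_rate bytes extend the deadline by one second

    def decide(self, events: List[Event], done_at: Optional[float]) -> Decision:
        """Replay byte arrivals for one request phase; done_at is when the
        phase completed, or None if the client never finished it."""
        deadline = self.initial
        for t, nbytes in events:
            if t > deadline:
                return ("drop", deadline)
            deadline = min(self.maximum, deadline + nbytes / self.min_rate)
        if done_at is not None and done_at <= deadline:
            return ("accept", done_at)
        return ("drop", deadline)


def idle_timeout_decide(events: List[Event], done_at: Optional[float],
                        idle: float = 300.0) -> Decision:
    """Baseline the low-and-slow tools exploit: a server that only resets an
    idle timer on every byte. The connection slot stays occupied for as long
    as the client keeps trickling bytes."""
    last = 0.0
    for t, _ in events:
        if t - last > idle:
            return ("drop", last + idle)
        last = t
    if done_at is not None:
        return ("accept", done_at)
    return ("drop", last + idle)


def slowloris_headers(interval: float = 15.0, count: int = 40) -> List[Event]:
    """Constructed: a partial request line, then one bogus 8-byte header every
    `interval` seconds, never the blank line that ends the header block."""
    return [(0.0, 20)] + [(i * interval, 8) for i in range(1, count + 1)]


def rudy_body(interval: float = 10.0, count: int = 60) -> List[Event]:
    """Constructed: one byte of a very long form POST every `interval` seconds."""
    return [(i * interval, 1) for i in range(1, count + 1)]


LEGIT_HEADERS: List[Event] = [(0.0, 420), (0.08, 180)]   # constructed: a browser finishes fast
HEADER_POLICY = ReadTimeoutPolicy(initial=20, maximum=40, min_rate=500)
BODY_POLICY = ReadTimeoutPolicy(initial=20, maximum=40, min_rate=500)


def compare(policy: ReadTimeoutPolicy, events: List[Event], done_at: Optional[float]) -> dict:
    """Hardened policy next to the idle-timer baseline for the same connection."""
    return {"hardened": policy.decide(events, done_at),
            "idle_only": idle_timeout_decide(events, done_at)}


if __name__ == "__main__":
    print("slowloris headers:", compare(HEADER_POLICY, slowloris_headers(), None))
    print("rudy body:        ", compare(BODY_POLICY, rudy_body(), None))
    print("legit headers:    ", compare(HEADER_POLICY, LEGIT_HEADERS, 0.08))
```

With the idle-only baseline each attack connection holds its slot for the full trickle plus the idle timer (here 900 seconds), so a few hundred connections are enough against a typical worker pool; under the deadline policy the same connection is dropped about 20 seconds in, whatever the trickle rate. The same shape applies to the body phase, which is why R.U.D.Y. needs a body deadline as well as a header deadline; the numbers here are the example's, and genuinely slow clients (mobile, satellite) set the floor for how tight they can be.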
Radware Security Products Portfolio

DefensePro
Network & server attack prevention device

AppWall
Web Application Firewall (WAF)

APSolute Vision
Management, security reporting & compliance

Thank You
www.radware.com

The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
 
Mobile Web Stress: Understanding the Neurological Impact of Poor Performance
Mobile Web Stress:  Understanding the Neurological Impact of Poor PerformanceMobile Web Stress:  Understanding the Neurological Impact of Poor Performance
Mobile Web Stress: Understanding the Neurological Impact of Poor Performance
 
Emotional Engagement and Brand Perception
Emotional Engagement and Brand PerceptionEmotional Engagement and Brand Perception
Emotional Engagement and Brand Perception
 
InfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014:  The Art Of Cyber WarInfoSecurity Europe 2014:  The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber War
 
OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...
OpenStack Networking:  Developing and Delivering a Commercial Solution for Lo...OpenStack Networking:  Developing and Delivering a Commercial Solution for Lo...
OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...
 
SecureWorld St. Louis: Survival in an Evolving Threat Landscape
SecureWorld St. Louis:  Survival in an Evolving Threat LandscapeSecureWorld St. Louis:  Survival in an Evolving Threat Landscape
SecureWorld St. Louis: Survival in an Evolving Threat Landscape
 
In the Line of Fire - The Morphology of Cyber-Attacks
In the Line of Fire - The Morphology of Cyber-AttacksIn the Line of Fire - The Morphology of Cyber-Attacks
In the Line of Fire - The Morphology of Cyber-Attacks
 
Survival in an Evolving Threat Landscape
Survival in an Evolving Threat LandscapeSurvival in an Evolving Threat Landscape
Survival in an Evolving Threat Landscape
 
In the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber AttacksIn the Line of Fire-the Morphology of Cyber Attacks
In the Line of Fire-the Morphology of Cyber Attacks
 

Dernier

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Dernier (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

In the Line of Fire-the Morphology of Cyber Attacks

  • 1. In the Line of Fire – the Morphology of Cyber-Attacks Bob Simpson Vice President BobS@Radware.com April 2013 Radware Confidential Jan 2012
  • 2. AGENDA Radware’s Twitter Handle: @radware Hashtag for this presentation - #Radware
  • 3. AGENDA Availability-based threats Attacks on the US banks Other popular attack patterns & trends
  • 4. Attacker's Change in Motivation & Techniques [Timeline figure, attack risk against time, 2001 to 2011. The motive shifts from vandalism and publicity (the "worms" era: CodeRed and Nimda 2001, Slammer 2003 attacking SQL sites, Blaster 2003, the Agobot DoS botnet, the Republican website DoS of 2004) through financially motivated botnets (Storm, Srizbi, Rustock, Kracken) to hacktivism and blended motives (attacks on Estonia's web sites 2007, Georgia's web sites 2008, the Google/Twitter DDoS and the July 2009 cyber attacks on the US and Korea, the IMDDOS botnet 2010, Operation Payback in December 2010, Operation Payback II, the Codero and Wordpress.com DDoS attacks of March 2011, and LulzSec's attacks on Sony, the CIA and the FBI in 2011).]
  • 5. The Security Trinity: Confidentiality, Integrity, Availability
    • Confidentiality, a mainstream adaptation of the "need to know" principle of the military ethic, restricts the access of information to those systems, processes and recipients to which the content was intended to be exposed.
    • Integrity, in its broadest meaning, refers to the trustworthiness of information over its entire life cycle.
    • Availability is the characteristic that distinguishes information objects that have signaling and self-sustaining processes from those that do not, either because such functions have ceased (an outage, an attack) or because they lack such functions.
  • 6. Availability-Based Attacks [Threat tree: availability-based threats split into network floods (volumetric), application floods, single-packet DoS and low-and-slow.]
  • 7. 2012 Attack Motivation - ERT Survey
  • 8. Radware ERT Survey
  • 9. 2012 Target Trend - ERT Survey
  • 10. Attack Campaign Duration
  • 11. Attack Duration Requires IT to Develop New Skills: War Room Skills Are Required
  • 12. Main Bottlenecks During DoS Attacks - ERT Survey
  • 13. Attacks Traverse CDNs (Dynamic Object Attacks)
  • 14. AGENDA 2012 Availability-based threats Attacks on the US banks Other popular attack patterns & trends
  • 15. Overview
    • What triggered the recent US attacks?
    • Who was involved in implementing the attacks, and what was the name of the operation?
    • How long did the attacks last, and how many attack vectors were involved?
    • How do the attacks work, and what are their effects?
    • How can we prepare ourselves in the future?
  • 16. What triggered the attacks on the US banks?
    • Nakoula Basseley Nakoula (alias "Sam Bacile"), an Egyptian-born US resident, created an anti-Islam film.
    • In early September 2012 the publication of the "Innocence of Muslims" film on YouTube provoked demonstrations throughout the Muslim world.
    • The published video was 14 minutes long, though a full-length movie was also released.
  • 17. Protests Generated by the Movie
  • 18. The Cyber Response
  • 19. Who is the group behind the cyber response?
    • A hacker group calling itself the "Izz ad-Din al-Qassam Cyber Fighters".
    • Izz ad-Din al-Qassam was a well-known Muslim preacher who led the fight against the French, the British and the Zionists in the 1920s and 1930s.
    • The group claims not to be affiliated with any government or with Anonymous.
    • The group claims to be independent; its stated goal is to defend Islam.
  • 20. Operation Ababil launched!
    • "Operation Ababil" is the codename of the operation launched on September 18th, 2012 by the "Izz ad-Din al-Qassam Cyber Fighters".
    • The attackers announced they would attack "American and Zionist targets".
    • "Ababil" translates from Persian as "swallow". To date the US still suspects that the Iranian government may be behind the operation.
    • The operation's stated goal is to have YouTube remove the anti-Muslim film from its site. To date the video has not been removed.
  • 21. The Attack Vectors and Tactics
  • 22. Initial attack campaign in 2 phases
    • The initial campaign was split into 2 phases, with a public announcement made before each phase.
    • These attacks lasted 10 days, from the 18th until the 28th of September.
    • Phase 1 targets: NYSE, Bank of America, JP Morgan.
    • Phase 2 targets: Wells Fargo, U.S. Bank, PNC.
    • Phase 3 targets (announced later): PNC, Fifth Third Bancorp, JP Morgan Chase, U.S. Bank, UnionBank, Bank of America, Citibank, BB&T and Capital One.
  • 23. Attack Vectors
    • Five attack vectors were seen by the ERT team during Operation Ababil, delivered in part through booters:
      1. UDP garbage flood.
      2. TCP SYN flood.
      3. Mobile LOIC (Apache Killer version).
      4. HTTP request flood.
      5. ICMP reply flood (unconfirmed, but reported on).
      6. Booters (the attack platform, see the next slide).
    • Note: data was gathered by Radware as well as its partners.
  • 24. Booters
    • A booter is a tool used for taking down ("booting off") websites and servers.
    • Booters offer high-volume (server-based) attacks and slow-rate attack vectors as a one-stop shop.
  • 25. UDP Garbage Flood
    • Targeted the organizations' DNS servers, and HTTP as well.
    • 1 Gbps+ in volume.
    • All attacks were identical in content and in size (packet structure).
    • UDP packets were sent to ports 53 and 80.
    • The customer was attacked on September 18th and again on the 19th.
  • 26. Tactics used in the UDP garbage flood
    • Internal DNS servers were targeted, at a high rate.
    • Web servers were also targeted, at a high rate.
    • Spoofed IPs, but kept to just a few, which is unusual.
    • ~1 Gbps.
    • Lasted more than 7 hours initially, and still continues...
    • Packet structure:
      Parameter     | Port 53               | Port 80
      Packet size   | 1358 bytes            | unknown
      Garbage value | 'A' (0x41) characters | "/http1" repeated (0x2f 0x68 0x74 0x74 0x70 0x31)
  • 27. DNS Garbage flood packet extract
    • Some reports that a DNS reflection attack was underway appear to be incorrect.
    • The packets are malformed DNS packets: there is no valid DNS header.
  • 28. Attackers' objective of the UDP garbage flood
    • Saturate bandwidth.
    • The attack passes through the firewall, since the port is open.
    • Saturate session tables and CPU resources on any stateful device: L4 routing rules on any router, firewall session tables, etc.
    • The ICMP type 3 (destination unreachable) replies sent back further saturate upstream bandwidth.
    • Combined, this leads to a DoS situation if the bandwidth and infrastructure cannot handle the volume or the packet processing rate.
  • 29. TCP SYN flood
    • Targeted ports 53, 80 and 443.
    • The rate was around 100 Mbps, roughly 135K packets per second.
    • This lasted for more than 3 days.
  • 30. SYN flood packet extract
    • All sources are spoofed.
    • Multiple SYN packets to port 443.
  • 31. Attackers' objective of the TCP SYN floods
    • SYN floods are a well-known attack vector.
    • They can be used to distract from more targeted attacks.
    • If a SYN flood slips through, it can devastate stateful devices quickly by filling up the session table.
    • Every stateful device takes some performance hit under such a flood.
    • Easy to implement.
    • A poorly designed network architecture will run into trouble quickly.
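The two network-layer vectors on slides 25 to 31 can be recognised offline from nothing more than their own description. The following is an added example, not code from the presentation or from Radware: it classifies a constructed packet list using the payload signatures the slide 26 table reports (1358 bytes of 'A' to port 53, repeated "/http1" to port 80) and, for the spoofed SYN flood, the ratio of SYNs to handshake-completing ACKs per one-second window. The `Packet` record, the thresholds and the documentation-range IP addresses are assumptions made for the example.

```python
"""Added example: offline classifier for the UDP garbage flood and the TCP SYN
flood described on slides 25 to 31.  The sample packets are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float          # seconds since capture start
    src: str
    dst_port: int
    proto: str         # "udp" or "tcp"
    flags: str = ""    # TCP flags as letters, e.g. "S" (SYN) or "A" (ACK)
    payload: bytes = b""


# Signature values are the ones reported on slide 26; they describe that
# campaign's tool, not DNS or HTTP in general.
GARBAGE_DNS_LEN = 1358
GARBAGE_DNS_BYTE = 0x41          # 'A'
GARBAGE_HTTP_CHUNK = b"/http1"


def is_garbage_udp(p: Packet) -> bool:
    """True for the malformed UDP payloads slide 26 describes.

    A real DNS query starts with a 12-byte header; a payload that is one
    repeated byte cannot be parsed as one, which is why the slide calls
    these packets 'garbage' rather than a reflection attack.
    """
    if p.proto != "udp":
        return False
    if p.dst_port == 53:
        return len(p.payload) == GARBAGE_DNS_LEN and set(p.payload) == {GARBAGE_DNS_BYTE}
    if p.dst_port == 80:
        n = len(GARBAGE_HTTP_CHUNK)
        return len(p.payload) >= 2 * n and p.payload == GARBAGE_HTTP_CHUNK * (len(p.payload) // n)
    return False


def syn_flood_windows(packets, window=1.0, min_syns=100, max_ack_ratio=0.1):
    """Return (window_start, dst_port, syns, distinct_sources) for windows where
    SYNs arrive in bulk and almost none are followed by the client's ACK.
    Spoofed sources never send that ACK, so a low ACK/SYN ratio is the tell.
    The thresholds are assumptions for the example; tune them per link."""
    syns, acks, srcs = defaultdict(int), defaultdict(int), defaultdict(set)
    for p in packets:
        if p.proto != "tcp":
            continue
        key = (int(p.ts // window) * window, p.dst_port)
        if p.flags == "S":
            syns[key] += 1
            srcs[key].add(p.src)
        elif p.flags == "A":
            acks[key] += 1
    out = []
    for key, n in sorted(syns.items()):
        if n >= min_syns and acks[key] / n <= max_ack_ratio:
            out.append((key[0], key[1], n, len(srcs[key])))
    return out


def summarize(packets):
    garbage = [p for p in packets if is_garbage_udp(p)]
    return {
        "garbage_udp_to_53": sum(p.dst_port == 53 for p in garbage),
        "garbage_udp_to_80": sum(p.dst_port == 80 for p in garbage),
        "syn_flood_windows": syn_flood_windows(packets),
    }


def build_sample():
    """Constructed traffic: a few legitimate flows plus the two floods."""
    legit_dns = b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6 + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
    pkts = [Packet(0.10, "192.0.2.10", 53, "udp", payload=legit_dns),
            Packet(0.20, "192.0.2.11", 443, "tcp", "S"),      # one real handshake
            Packet(0.25, "192.0.2.11", 443, "tcp", "A")]
    for i in range(40):   # garbage to DNS: 1358 x 'A', a handful of spoofed sources
        pkts.append(Packet(0.3 + i * 0.001, f"203.0.113.{i % 4 + 1}", 53, "udp",
                           payload=b"A" * GARBAGE_DNS_LEN))
    for i in range(20):   # garbage to HTTP: "/http1" repeated
        pkts.append(Packet(0.5 + i * 0.001, f"203.0.113.{i % 4 + 1}", 80, "udp",
                           payload=GARBAGE_HTTP_CHUNK * 200))
    for i in range(300):  # SYN flood: 300 SYNs in one second, sources never complete
        pkts.append(Packet(1.0 + i * 0.003, f"198.51.100.{i % 254 + 1}", 443, "tcp", "S"))
    return pkts


if __name__ == "__main__":
    print(summarize(build_sample()))
```

On the constructed sample the legitimate DNS query and the completed handshake pass, the 60 garbage packets are counted by destination port, and the 1.0 s window to port 443 is reported with 300 SYNs from 254 distinct (spoofed) sources and no ACKs. On a real link, feed the classifier from a capture instead of `build_sample()` and raise `min_syns` to match normal connection rates.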
  • 32. Mobile LOIC (Apache Killer version)
    • Mobile LOIC (Low Orbit Ion Cannon) is a DDoS tool written in HTML and JavaScript.
    • The tool is designed to run HTTP GET floods.
    • We have no statistics on the exact traffic of Mobile LOIC; its use in this campaign is suspected, not confirmed.
  • 33. Mobile LOIC in a web browser
  • 34. HTTP Request Flood
    • Between 80K and 100K TPS (transactions per second).
    • Port 80.
    • Followed the same pattern in the GET request (except for the input parameter).
    • Dynamic user agent.
  • 35. HTTP flood packet structure
    • Sources worldwide (true sources most likely hidden).
    • User agent duplicated.
    • Dynamic input parameters in the GET request.
  • 36. Attackers' objective of the HTTP flood
    • Bypass CDN services by randomizing the input parameter and the user agent.
    • The doubled user-agent string points to a flaw in the programming of the attack tool.
    • Saturate and exhaust web server resources by keeping the session table and web server connection limits occupied.
    • The attack takes more resources to run than non-connection-oriented attacks such as TCP SYN floods and UDP garbage floods, because a full connection has to be established.
  • 37. Identified locations of attacking IPs: worldwide!
  • 38. AGENDA 2012 Availability-based threats Attacks on the US banks Other popular 2012 attack patterns & trends
  • 39. Availability-based Threats Tree [Threat tree: network floods (volumetric): ICMP flood, UDP flood, SYN flood; application floods: Web flood, DNS flood, SMTP flood, HTTPS; single-packet DoS; low-and-slow.]
  • 41. HTTP Reflection Attack [Diagram: the attacker plants content on Website A; HTTP GET requests are reflected off Website A onto Website B, the victim.]
  • 42. HTTP Reflection Attack Example [Diagram: a 1x1 pixel iframe (width=1, height=1) embedded on Website A whose source is the victim's search.php.]
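The HTTP flood on slides 34 to 36 and the reflection attack on slides 41 and 42 both leave footprints in the request stream: the mangled user-agent value, a query parameter that never repeats (which is what defeats the CDN), the oversized Range header of the Apache Killer variant of Mobile LOIC, and a crowd of unrelated clients hitting one dynamic URL with the same third-party Referer. The following is an added example, not code from the presentation or from Radware; the host names, thresholds, parameter names and sample requests are assumptions constructed for it.

```python
"""Added example: offline checks over raw HTTP requests for the application-
layer patterns on slides 32 to 36 and 41 to 42.  Thresholds, host names and
the sample requests are assumptions constructed for the example."""
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

OWN_HOSTS = {"bank.example"}   # assumption: the defended site's own host names
MIN_REQUESTS = 10              # requests per (client, path) before judging a parameter
RANDOM_RATIO = 0.9             # distinct values / requests that marks a randomised parameter
MAX_RANGES = 200               # assumption; more byte ranges than this is abusive
MIN_REFLECTED_SOURCES = 25     # distinct clients sharing one foreign Referer on one URL


def parse_request(raw):
    """Minimal HTTP/1.x request parser: method, path, query params, headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    path, _, query = target.partition("?")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path,
            "params": dict(parse_qsl(query, keep_blank_values=True)),
            "headers": headers}


def duplicated_user_agent(headers):
    """Slide 35: the tool put the literal 'User Agent:' inside the header value."""
    ua = headers.get("user-agent", "").lower()
    return ua.startswith("user agent:") or ua.startswith("user-agent:")


def range_count(headers):
    """Number of byte ranges requested; the Apache Range DoS sends hundreds."""
    spec = headers.get("range", "")
    return spec.count(",") + 1 if spec.startswith("bytes=") else 0


def analyze(requests):
    """requests: iterable of (client_ip, raw_request_text) pairs."""
    per_client_path = defaultdict(lambda: {"n": 0, "values": defaultdict(set)})
    referer_clients = defaultdict(set)
    findings = {"duplicated_ua": set(), "range_dos": [],
                "randomized_param": [], "reflected_referer": []}
    for client, raw in requests:
        req = parse_request(raw)
        h = req["headers"]
        if duplicated_user_agent(h):
            findings["duplicated_ua"].add(client)
        if range_count(h) > MAX_RANGES:
            findings["range_dos"].append((client, req["path"], range_count(h)))
        bucket = per_client_path[(client, req["path"])]
        bucket["n"] += 1
        for name, value in req["params"].items():
            bucket["values"][name].add(value)
        ref_host = urlsplit(h.get("referer", "")).hostname
        if ref_host and ref_host not in OWN_HOSTS:
            referer_clients[(ref_host, req["path"])].add(client)
    # a parameter that takes a fresh value on (almost) every request from one
    # client defeats CDN and proxy caching: that is what slide 36 describes
    for (client, path), b in per_client_path.items():
        if b["n"] >= MIN_REQUESTS:
            for name, values in b["values"].items():
                if len(values) >= RANDOM_RATIO * b["n"]:
                    findings["randomized_param"].append((client, path, name))
    # many unrelated clients hitting one dynamic URL with the same third-party
    # Referer is the footprint of the hidden-iframe reflection on slide 42
    for (host, path), clients in referer_clients.items():
        if len(clients) >= MIN_REFLECTED_SOURCES:
            findings["reflected_referer"].append((host, path, len(clients)))
    return findings


def build_sample():
    """Constructed traffic mix; nothing here was captured from a real attack."""
    def req(target, ua="Mozilla/5.0 (X11; Linux x86_64)", extra=""):
        return (f"GET {target} HTTP/1.1\r\nHost: bank.example\r\n"
                f"User-Agent: {ua}\r\n{extra}\r\n")
    reqs = [(f"192.0.2.{i + 1}", req("/index.php?page=1", extra="Referer: http://bank.example/\r\n"))
            for i in range(5)]                                   # ordinary visitors
    for i in range(60):                                          # Mobile LOIC style flood
        reqs.append((f"203.0.113.{i % 3 + 1}",
                     req(f"/index.php?id=1&msg={i:08x}", ua="User Agent: Mozilla/5.0 (Windows NT 6.1)")))
    ranges = ",".join(f"5-{k}" for k in range(300))               # Apache Range DoS request
    reqs.append(("203.0.113.9", req("/", extra=f"Range: bytes=0-,{ranges}\r\n")))
    for i in range(40):                                          # iframe reflection victims
        reqs.append((f"198.51.100.{i + 1}",
                     req("/search.php?q=x", extra="Referer: http://website-a.example/page.html\r\n")))
    return reqs


if __name__ == "__main__":
    for key, value in analyze(build_sample()).items():
        print(key, value)
```

The Referer check is the identification the speaker notes point to for the reflection case: the browsers of Website A's visitors are not malicious and their requests look ordinary one at a time, so the signal is the shared foreign Referer across many clients, not anything in a single request. Apache later capped the number of ranges it honours per request; `MAX_RANGES` here is only an assumed cut-off for the example.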
  • 43. HTTPS - SSL Renegotiation Attack (THC-SSL-DoS)
    THC-SSL-DoS was developed by a hacking group called The Hacker's Choice (THC) as a proof of concept to encourage vendors to patch a serious SSL weakness. THC-SSL-DoS, like other "low and slow" attacks, requires only a small number of packets to cause denial of service on a fairly large server. It works by initiating a regular SSL handshake and then immediately requesting renegotiation of the encryption key, repeating this server-resource-intensive renegotiation request until all server resources are exhausted.
  • 44. Low & Slow [Threat tree as on slide 39, with the low-and-slow branch highlighted.]
  • 45. Low & Slow
    • Slowloris
    • Sockstress
    • R.U.D.Y.
    • Simultaneous Connection Saturation
  • 46. R.U.D.Y. (R-U-Dead-Yet?)
    R.U.D.Y. (R-U-Dead-Yet?) is a slow-rate HTTP POST (Layer 7) denial-of-service tool created by Raviv Raz and named after the Children of Bodom album "Are You Dead Yet?". It achieves denial of service by using long form-field submissions. By injecting one byte of data into an application POST field at a time and then waiting, R.U.D.Y. causes application threads to wait for the end of never-ending posts before performing any processing (this behaviour is necessary in order to allow web servers to support users on slower connections). Since R.U.D.Y. causes the target web server to hang while waiting for the rest of an HTTP POST request, by opening simultaneous connections to the server the attacker is ultimately able to exhaust the server's connection table and create a denial-of-service condition.
  • 47. Slowloris
    Slowloris is a denial-of-service (DoS) tool developed by the grey-hat hacker "RSnake" that causes DoS by using very slow HTTP requests. By sending HTTP headers to the target site in tiny chunks as slowly as possible (waiting to send the next tiny chunk until just before the server would time out the request), the server is forced to keep waiting for the headers to arrive. If enough connections are opened to the server in this fashion, it quickly becomes unable to handle legitimate requests. Slowloris is cross-platform, but because of Windows' limit of roughly 130 simultaneous sockets it is only effective from UNIX-based systems, which allow more connections to be opened in parallel to a target server (a GUI Python version of Slowloris dubbed PyLoris was able to overcome this limiting factor on Windows).
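What defeats both R.U.D.Y. and Slowloris is refusing to wait indefinitely for a request that is merely trickling in, while still tolerating a genuinely slow client. The following is an added example, not code from the presentation or from Radware: it replays constructed connection timelines against a read-timeout policy in the style of Apache's mod_reqtimeout (an initial allowance, extended by each byte received at a minimum rate, capped by a maximum), and counts how many worker slots 300 Slowloris connections still hold at the 60-second mark with and without the policy. The policy values, the worker limit and the timelines are assumptions chosen for the example, not settings from the slides.

```python
"""Added example: a mod_reqtimeout-style read policy replayed against
constructed Slowloris, R.U.D.Y. and legitimate connection timelines.
The values mirror the directive syntax 'header=20-40,MinRate=500' but
are assumptions for the example, not settings from the presentation."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    initial: float            # seconds the phase may take before any data arrives
    maximum: Optional[float]  # hard cap on the phase in seconds (None = no cap)
    min_rate: float           # bytes per second; each byte received buys 1/min_rate s


HEADER = Policy(initial=20, maximum=40, min_rate=500)   # request line + headers
BODY = Policy(initial=20, maximum=None, min_rate=500)    # request body (POST data)


def evaluate(events, completed_at, policy):
    """Replay one phase (headers or body) of a connection against the policy.

    events: (seconds since the phase began, bytes received), in order.
    completed_at: when the peer finished the phase, or None if it never did.
    Returns ("ok", completed_at) or ("abort", time the server gives up).
    """
    deadline = policy.initial
    for ts, nbytes in events:
        if ts > deadline:
            return ("abort", deadline)
        deadline += nbytes / policy.min_rate
        if policy.maximum is not None:
            deadline = min(deadline, policy.maximum)
    if completed_at is not None and completed_at <= deadline:
        return ("ok", completed_at)
    return ("abort", deadline)


def slowloris_timeline(interval=15.0, chunk=20, duration=600.0):
    """Slowloris: one partial header line every `interval` s, never terminated."""
    return [(t * interval, chunk) for t in range(int(duration // interval))], None


def rudy_timeline(interval=10.0, duration=600.0):
    """R.U.D.Y.: one byte of the POST body every `interval` s, Content-Length never reached."""
    return [(t * interval, 1) for t in range(int(duration // interval))], None


def held_connections(conns, policy, at, worker_limit):
    """Sockets still occupied at time `at`, with and without the policy."""
    without = sum(1 for _, done in conns if done is None or done > at)
    with_policy = 0
    for events, done in conns:
        _verdict, ends = evaluate(events, done, policy)   # ok or abort, either frees the slot
        if ends > at:
            with_policy += 1
    return {"without_policy": without, "with_policy": with_policy,
            "saturated_without": without >= worker_limit,
            "saturated_with": with_policy >= worker_limit}


def build_sample():
    """300 Slowloris connections plus 5 legitimate clients on a slow link."""
    legit = ([(0.0, 150), (2.0, 150), (4.0, 100)], 4.0)   # 400-byte header over 4 s
    return [slowloris_timeline() for _ in range(300)] + [legit] * 5


if __name__ == "__main__":
    print(evaluate(*slowloris_timeline(), HEADER))
    print(evaluate(*rudy_timeline(), BODY))
    print(held_connections(build_sample(), HEADER, at=60.0, worker_limit=256))
```

Under this policy a Slowloris connection that drips 20 bytes every 15 seconds is cut off just after 20 seconds, the R.U.D.Y. body that arrives one byte every 10 seconds is cut off at about the same point, and the slow but honest client that delivers its 400-byte header in 4 seconds is served. Without the policy all 300 Slowloris sockets are still held at the 60-second mark, above the assumed 256-worker limit, which is the saturation the slides describe; with it, none are.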
  • 48. Radware Security Products Portfolio
    • DefensePro: network & server attack prevention device
    • AppWall: Web Application Firewall (WAF)
    • APSolute Vision: management, security reporting & compliance
  • 49. Thank You www.radware.com Radware Confidential Jan 2012

Speaker notes

  1. Radware breaks down the security model into three categories: Confidentiality, Integrity and Availability. Think of it as follows:
     Confidentiality: a compromise here results in the theft or destruction of business-critical information or customer data.
     Integrity: often linked to confidentiality, but damage to a business's systems obviously can have a major impact. An extreme example you might have heard of is Stuxnet, which was designed to damage the centrifuges used in Iran to enrich nuclear material.
     Availability: the ability of your business to operate. Denial-of-service attacks target this dimension; they are designed purely to disrupt business operation.
  2. Here we have the 4 primary categories of availability-based threats: network and application floods, low and slow, and single-packet DoS. The pie charts below illustrate actual use of these attack vectors based on ERT case history. Over the past few years application-layer attacks have become a significant threat, with Web/SSL and DNS being the fastest-growing vectors.
  3. Based on the Radware Global Security Survey of the industry, 57% of attacks have an unknown motive and 22% have an ideological/hacktivist motive.
  4. 80% of respondents believe they are not protected and that their businesses will be impacted by DDoS attacks.
  5. While gaming and e-commerce remain at risk, government and financial institutions take the biggest shift toward the bullseye. These are VERY likely targets for 2013.
  6. Attack campaigns are becoming more and more persistent, with 23% of attacks lasting more than one week.
  7. Shift from 2 security phases to 3:
     Pre-attack: audit, vulnerability scanning, pen tests, etc.
     Post-attack: forensics, process adjustments, preparation, etc.
     NEW phase, the cyber war room: 24/7, trained under fire (war games, etc.), coverage.
  8. SIZE
  9. We are going to take a look at the attacks on the US Banks. We’ll review the attack source, motivation, duration, attack vectors and preparation.
  10. This picture is from the very beginning of the video, stating "There is an angry mob in the middle of the street". Notes: on September 9, 2012, an excerpt of the YouTube video was broadcast on Al-Nas TV, an Egyptian Islamist television station. Demonstrations and violent protests against the film broke out on September 11 in Egypt and spread to other Arab and Muslim nations and some western countries.
  11. Libyan riots, top left: http://www.foreignpolicy.com/articles/2012/09/14/why_the_embassy_riots_wont_stop. Lebanon riots, bottom left: http://au.ibtimes.com/articles_slideshows/384606/20120915/lebanon-protesters-destroy-kentucky-fried-chicken-and-hardees-over-innocence-of-muslims-film-photos.htm
  12. Links about Izz ad-Din al-Qassam. The preacher: http://en.wikipedia.org/wiki/Izz_ad-Din_al-Qassam (note: the Levant includes most of modern Lebanon, Syria, Jordan, the State of Palestine, Israel, Cyprus, Hatay Province of Turkey, some regions of northwestern Iraq and the Sinai Peninsula). Links about the cyber hacker group: http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/who-are-the-izz-ad-din-al-qassam-cyber-fighters and http://www.ehackingnews.com/2012/12/izz-ad-din-al-qassam-cyber-fighters.html. Picture from http://www.standupamericaus.org/terror-jihad/cyber-fighters-of-izz-al-din-al-qassam-alert-to-banks-in-usa/
  13. They claim to have no current ties to the Anonymous collective nor to any nation state. The goal is to have the anti-Muslim video taken off YouTube. Ababil (Persian) translates to "swallow"; link for the translation of Ababil: http://en.wikipedia.org/wiki/Ghods_Ababil. The picture is from http://en.wikipedia.org/wiki/File:Hirundo_abyssinica.jpg. Claims of Iranian involvement: http://betabeat.com/2012/09/iran-possibly-behind-operation-ababil-cyber-attacks-against-financial-institutions/ and http://features.rr.com/article/0coOckreSy1vL?q=Bank+of+America
  14. Picture taken from http://news.yahoo.com/americas-failing-grade-cyber-attack-readiness-153640058--abc-news-topstories.html
  15. Data taken from an internal document. Phase 3 of OpAbabil was announced March 5th (ongoing) and is expected to last 11 weeks. Phase 3 is not in my presentation today, but encrypted attacks are a BIG problem for the protection currently in place.
  16. -Taken from internal report.
  17. -Taken from internal report.
  18. Reflective attack - Attackers send forged requests of some type to a very large number of computers that will reply to the requests. Using spoofed SRC IP’s of the victim, which means all the replies will go to (and flood) the target.
  19. -Stateful inspection in the DNS area is limited. Was in smartdefense at CP, but how many people use it?-The server is forced to respond with ICMP packets “Destination Unreachable” (ICMP type3 Code 3) for port closed when udp packet arrives.-Returning ICMP type 3 further saturate (Packet size in return will be close to received packet).
  20. -Internal data.
  21. -The SYN flood attack simply sends a high rate of SYNs with spoofed IPs, and the server is left waiting for the ACK. -This means the attacker needs far fewer hosts to exhaust the target machine, because no session is actually kept alive on the attacker's side. -You exhaust the backlog of the TCP stack (the half-open timeout default is 3 mins on Linux and 45 sec on Win2k; these can be changed), so the server can no longer accept a new connection.
  22. -Another reported attack technique that was allegedly used during this campaign is a custom version of the Mobile LOIC tool (aka Mobile LOIC - Apache Killer), which is designed to exploit a known vulnerability in Apache servers, CVE-2011-3192. -This attack tool targets Apache HTTP server versions 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19.
  23. Target URL - specifies the URL of the attacked target; must start with http://. Requests per second - specifies the number of desired requests to be sent per second. Append message - specifies the content for the “msg” parameter sent within the URL of the HTTP requests.
  24. Resource internal.
  25. -This value is unique since it seems to contain a typo caused by placing the “User Agent:” string inside the user agent value itself. Resource internal.
  26. Internal resources.
  27. Resource internal.
  28. Trend toward asymmetric attacks, for an obvious reason: the attacker needs to use few resources while exhausting the target, by sending small requests that result in large and/or CPU-intensive replies.
  29. Identification: referrer (ask the audience). An iframe attack can be used to amplify a DDoS against any site, for example by using the LOIC iframe (JavaScript) attack to amplify the attack.
  30. RUDY, or ARE YOU DEAD YET, exploits the HTTP POST method by sending a POST with a long form field submission. It injects one byte of data and then waits, which causes application threads to wait for never-ending POSTs to finish before they can process them.
  31. Slowloris sends very slow HTTP requests. The HTTP headers are sent in tiny chunks as slowly as possible while the server is forced to wait for the headers to arrive. This causes many connections to build up on the target server. Slowloris is cross-platform, except for Windows due to a socket limitation (~130). PyLoris was developed to enable running on Windows with a Python GUI.
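A detection-side illustration of the two slow-request patterns in notes 30 and 31, added here as an example and not part of the original presentation: it labels each open connection as a slow-header (Slowloris) or slow-body (RUDY) case and reports sources holding several of them. The connection records are constructed and the thresholds (10 s header deadline, 100 bytes/s body rate, 3 connections per source) are assumed values, not Radware settings.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

@dataclass
class Conn:
    """Snapshot of one open HTTP connection as a server or proxy would track it."""
    src: str                 # client address
    opened: float            # time the TCP connection was accepted (seconds)
    bytes_in: int            # request bytes received so far
    headers_done: bool       # True once the blank line ending the headers arrived
    content_length: int = 0  # declared body size; 0 if none declared

def classify(conn, now, header_deadline=10.0, min_body_rate=100.0):
    """Label a connection: 'slow-headers' (Slowloris pattern: headers still trickling in
    after header_deadline seconds), 'slow-body' (RUDY pattern: a declared POST body
    arriving below min_body_rate bytes/s), or 'ok'. Thresholds are assumed values."""
    age = now - conn.opened
    if not conn.headers_done:
        return "slow-headers" if age > header_deadline else "ok"
    if conn.content_length and conn.bytes_in < conn.content_length:
        rate = conn.bytes_in / age if age > 0 else float("inf")
        return "slow-body" if rate < min_body_rate else "ok"
    return "ok"

def slow_sources(conns, now, min_conns=3):
    """Group slow connections by source and report sources holding at least
    min_conns of them, which is what separates an attack from one slow client."""
    per_src = defaultdict(Counter)
    for c in conns:
        verdict = classify(c, now)
        if verdict != "ok":
            per_src[c.src][verdict] += 1
    return {src: dict(cnt) for src, cnt in per_src.items()
            if sum(cnt.values()) >= min_conns}

# Constructed sample: connection table at time NOW, addresses from documentation ranges.
NOW = 1000.0
SAMPLE = (
    [Conn("203.0.113.7", NOW - 45.0, 120, False) for _ in range(4)]          # headers never finish
    + [Conn("203.0.113.9", NOW - 60.0, 40, True, 100000) for _ in range(3)]  # one-byte POST trickle
    + [Conn("198.51.100.2", NOW - 2.0, 300, False),                          # normal, just connected
       Conn("198.51.100.5", NOW - 3.0, 4500, True, 5000)]                    # normal upload in progress
)

if __name__ == "__main__":
    for src, verdicts in slow_sources(SAMPLE, NOW).items():
        print(src, verdicts)
```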
