State of the Internet: Mirai, IOT and History of Botnets
- 1. State of the Internet: Mirai, IOT & History of Botnets
Ashvini Singhal, Head - Security Operations Center, Akamai
- 2. ©2015 AKAMAI | FASTER FORWARDTM
Akamai Confidential
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Internet Threat Landscape
- 3. DDoS Attack Trends
- 4. What Comes to Mind When You Hear the Word?
BotNet
- 5. DDoS
Malware
Service Disruption
Something “Bad”
- 6. What does a BotNet Really Mean?
A group of internet-connected devices controlled by a central system
- 7. Firepower - Then
Lee Enfield No.4 Mk2
- 8. Firepower - NOW
- 9. What made it so EASY?
- 10. IOT – Internet of Things
- 11. Large Attacks – Q3 2016
- 12. Large Attacks – Q4 2016
- 13. Botnet Attacks
- 15. Mirai (Japanese for “The Future”)
What is Mirai?
This tool achieved particular notoriety for its specific targeting of IoT devices, such as IP cameras, WiFi-connected refrigerators, unsecured home routers, etc.
- 16. Mirai Baseline
3 Typical Attack Targets:
• Datacenter routing
• DNS
• Application
The problem is that if any of the 3 is taken out, the entire enterprise is taken out.
Unlike many attack bots, Mirai can be very specifically aimed at all 3 targets with great accuracy.
- 17. Mirai – Attack Vector
- 18. Components of the Mirai Botnet
Avoid data theft and downtime by extending the
security perimeter outside the data-center and
protect from increasing frequency, scale and sophistication of web
attacks.
Command and Control
Report server
Infection server
Manually Infected IoT Device
- 20. Basic Anatomy: IoT Infection
Diagram labels: C2, Report, Infection
Example scan result shown in the diagram: 1.1.1.1 admin admin ✓
1. The IoT bot scans the internet for other devices and tests default username and password combos.
2. Successful results are sent to the Report server.
3. The Report server sends results to the Infection server to infect the new bot.
4. Bots come online, connect to the C2 for instructions, maintain a heartbeat and restart processes.
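A defender's view of the scanning step in the anatomy above, as an added example that is not part of the original slides: it flags internal devices that send unanswered SYNs to many distinct Telnet destinations in a short window, which is how a recruited device looks from inside your own network. The flow format, thresholds and sample addresses are constructed, and the TCP 23/2323 ports reflect Mirai's known Telnet scanning rather than anything stated on the slides.

```python
from collections import defaultdict

# Telnet ports Mirai's scanner is known for (not stated on the slides).
TELNET_PORTS = {23, 2323}

# Constructed sample: "epoch src dst dport tcp_flags", documentation addresses.
SAMPLE_FLOWS = """\
1000 10.0.0.50 192.0.2.10 23 S
1001 10.0.0.50 192.0.2.77 2323 S
1002 10.0.0.50 198.51.100.4 23 S
1003 10.0.0.50 198.51.100.9 23 S
1004 10.0.0.50 203.0.113.20 23 S
1005 10.0.0.50 203.0.113.21 2323 S
1006 10.0.0.7 10.0.0.1 23 SAPF
1010 10.0.0.7 192.0.2.80 443 SAPF
1000 10.0.0.9 192.0.2.1 23 S
1300 10.0.0.9 192.0.2.2 23 S
1600 10.0.0.9 192.0.2.3 23 S
1900 10.0.0.9 192.0.2.4 23 S
2200 10.0.0.9 192.0.2.5 23 S
""".splitlines()


def find_scanners(lines, window=60, min_targets=5):
    """Map each source that sent unanswered SYNs to >= min_targets distinct
    Telnet destinations within `window` seconds to its peak target count."""
    probes = defaultdict(list)  # src -> [(ts, dst)]
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport, flags = line.split()
        # "S" alone means the flow never got past the initial SYN.
        if int(dport) in TELNET_PORTS and flags == "S":
            probes[src].append((int(ts), dst))

    flagged = {}
    for src, events in probes.items():
        events.sort()
        start = best = 0
        for end, (ts, _) in enumerate(events):
            # Slide the window start forward until it spans <= window seconds.
            while ts - events[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {count} distinct Telnet targets within 60s")
```

The completed Telnet session from 10.0.0.7 and the slow probes from 10.0.0.9 are not flagged at the default window; widening the window trades more coverage of slow scanners for more false positives.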
- 21. Mirai – Scanning
- 22. Mirai Attack – DNS Variant
- 23. Mirai Attack – Broad Spectrum Attack
- 24. What Can You Do?
Phase 1 • Strict access controls on your firewall (Datacenter, Web and DNS)
Phase 2 • Loosen your Phase 1 controls to bring secondary services back online
Phase 3 • Bring all services back online
KNOW YOUR ENVIRONMENT
- 25. Akamai in India
A Pervasive Platform:
• Every major city
• Every major network
• One network hop away from 95% users
Accelerating:
• 5 of the top 5 high tech firms
• 3 of the top 3 stock exchanges
• 5 of the top 5 M&E firms
• 5 of the top 5 ecommerce firms
Akamai has 400+ customers in India, including the who’s who of the Indian Enterprise!
- 26. Akamai Today
A GLOBAL PLATFORM
216,000+ servers
1,500+ networks
650+ cities
120+ countries
DELIVERING 13+ MILLION HOSTNAMES
All top 60 eCommerce sites
All top 30 M&E companies
All branches of the U.S. military
All top 10 banks
ACCELERATING DAILY TRAFFIC OF
40+ million hits per second
2+ trillion deliveries per day
30+ terabits per second
Delivering 15-30+% of All Web Traffic
- 27. Thank You!