IoT Pulse Wave DDoS Attacks

Sean Newman, Director Product Management

Presentation Transcript


  1. IoT Pulse Wave DDoS Attacks. Sean Newman, Director Product Management

  2. DDoS Still on the increase…
     [Timeline figure. Axis: 1993 … 2005, 2007, 2009, 2011, 2013, 2015, 2016, 2017, 2018. Events labelled on the figure:]
     • 500 Gbps Hong Kong attack
     • France swarmed after terror attack
     • PlayStation & Xbox hit at Christmas
     • Mirai Botnet: OVH / Krebs / DYN, 600 Gbps -> 1 Tbps
     • Anon hits Church of Scientology
     • Rio Olympics 540 Gbps
     • Spamhaus attack: Reported to reach 310 Gbps
     • Reaper Botnet: 2M Devices
     • Spammers discover botnets
     • First Hacktivists: Zapatista National Liberation Army
     • ProtonMail attack
     • Estonia: Parliament, banks, media, Estonia Reform Party
     • Coordinated US bank attacks: Grew to 200 Gbps, and continue today
     • DoS for Notoriety

  3. Reaper Targeting Range of IoT Devices
     • 2,000,000+ Vulnerable Devices Worldwide
     • Routers, Webcams, DVRs and other device types
     • Vendors include: D-Link, Netgear, TP-Link & AVTech
     • Mirai/ELF_IMEIJ.A/Tsunami were 100-200k devices
     • Currently 20-30k Devices per Reaper Botnet
     • Suggests monetisation use, e.g. Stresser/DDoS for Hire
     • Potential for single devastating attack
     • Compromised devices search for other recruits
     • More sophisticated exploits being used, avoiding simpler ones
     • Auth Bypass Vuln (CVE-2017-8225) using empty login
     • More Sophisticated DDoS with ability to run scripted attacks
     • For example, latest Pulse-Wave attacks

  4. Increasingly Sophisticated Exploits
     • Mirai – Basic password brute-force
     • Pre-populated default user/password pairs
     • Reaper – Authentication bypass vulnerability
     • Empty user and password parameters in URI
     • Satori/BrickerBot – Huawei Router Vuln (CVE-2017-17215)
     • Zero-day vulnerability posted openly on Pastebin
     • Injection of commands within a “firmware update”
     • Result: Undetected malicious code installed on the device
     • Ongoing IoT Challenge
     • Low performance devices running lightweight code
     • Cheap devices, with focus on function, not secure code

  5. Botnets Weaponised with Pulse Attack
     • Typical DDoS Attack: ramp up over minutes… stay at target rate for, typically, 10-20 minutes and decay
     • New Pulse Wave DDoS Attacks
     • Continuous wave of fast ramping pulses at peak-rate

  6. Anatomy of a Pulse Attack
     • Continuous wave of multi-vector attack traffic bursts
     • Rapid-Ramp, High-Rate, Low-Volume
     • Sourced from BotNet configured with multiple targets
     • Full Botnet power attacks targets in turn for short duration
     • Destination Modulation enables more efficient Bot use
     • E.g. in DDoS for hire applications
     • Maximum impact before traditional protection can engage
     • Short burst duration could evade traditional protection

  7. The Rise of DDoS For Ransom
     • DDoS attacks traditionally targeted with specific motives…
     • Political, Religious, or other Beliefs
     • Online Gamers looking to gain advantage over other players
     • Students late with coursework/dissertations
     • Second half of 2017 saw a rise in DDoS for Ransom
     • Organised Crime launching mass spamming campaigns
     • Sources appear to include well-known cyber activists
     • Why is Ransom DDoS a concern?
     • Indiscriminate – attack for money, not traditional motives
     • Anonymity protected through use of Crypto-Currency
     • Payment doesn't guarantee protection

  8. The Rise of DDoS for Ransom
     • Not all are genuine, but can you risk it?
     • Protection is the answer, not payment!

  9. Summary
     • DDoS as a whole still on the Increase
     • Attack Methods/Vectors more Sophisticated
     • Motivation shifting towards revenue generating ransom attacks
     • Traditional Protection is not effective enough
     • Either blind to attacks, or too slow to react
     • Service and Hosting Provider Reputation is at Risk
     • Many organisations still believe their provider protects them
     • Deploying Modern DDoS Protection is an Opportunity
     • Removes all DDoS Traffic from your infrastructure
     • Differentiates you from your competitors
     • Enables incremental revenue stream by selling on as a service

  10. Questions?

  11. Thank You!
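
Slides 5 and 6 say that short, fast-ramping pulses can evade protection that waits for a sustained rate before engaging. The following is an added example, not part of the original presentation, that runs a sustained-rate detector and a burst-recurrence detector over constructed per-second traffic. The rates, thresholds, hold time and window are all assumptions chosen for illustration.

```python
# Added example. All traffic values and detector settings are constructed assumptions.
BASE, PEAK = 50, 900  # Mbps

# Pulse wave: 3 s bursts at peak rate every 20 s. Classic flood: one 60 s plateau.
PULSE = [PEAK if t >= 20 and t % 20 < 3 else BASE for t in range(120)]
CLASSIC = [BASE] * 20 + [PEAK] * 60 + [BASE] * 40

def sustained_detector(rates, threshold, hold_seconds):
    """Alarm once the rate has stayed at/above threshold for hold_seconds in a row."""
    run = 0
    for t, rate in enumerate(rates):
        run = run + 1 if rate >= threshold else 0
        if run >= hold_seconds:
            return t
    return None

def find_bursts(rates, threshold):
    """Return (start, length) of each contiguous run at/above threshold."""
    bursts, start = [], None
    for t, rate in enumerate(list(rates) + [float("-inf")]):  # sentinel ends a final burst
        if rate >= threshold and start is None:
            start = t
        elif rate < threshold and start is not None:
            bursts.append((start, t - start))
            start = None
    return bursts

def pulse_wave_detector(rates, threshold, max_burst, min_bursts, window):
    """Alarm when min_bursts short bursts start within `window` seconds of each other.
    Returns the second at which the confirming burst ended, or None."""
    short = [(s, n) for s, n in find_bursts(rates, threshold) if n <= max_burst]
    for i in range(min_bursts - 1, len(short)):
        if short[i][0] - short[i - min_bursts + 1][0] <= window:
            return short[i][0] + short[i][1]
    return None

if __name__ == "__main__":
    for name, rates in (("pulse wave", PULSE), ("classic flood", CLASSIC)):
        print(name,
              "| sustained:", sustained_detector(rates, 500, 10),
              "| pulse-aware:", pulse_wave_detector(rates, 500, 5, 3, 60))
```

On this data the sustained detector never fires on the pulse wave because no burst lasts the 10 s hold time, while the burst-recurrence check flags it once the third pulse completes.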
