1 / 31

Cyber attacks increasing – keep your domain safe

Cyber attacks increasing – keep your domain safe. 20th anniversary of .LV HOSTS: Institute of Mathematics and Computer Science VENUE: Radisson Blu Daugava Hotel, Riga, Latvia . 19 th April 2013. Thank you to nic.LV. Inviting me and for working with us.

tiger-byers
Download Presentation

Cyber attacks increasing – keep your domain safe

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber attacks increasing – keep your domain safe 20th anniversary of .LV HOSTS: Institute of Mathematics and Computer Science VENUE: Radisson Blu Daugava Hotel, Riga, Latvia. 19th April 2013.

  2. Thank you to nic.LV • Inviting me and for working with us. • Congratulations on 20 reliable years, here’s to the next 20 years. • For being an active member of the Domain Name System Infrastructure Resilience (DIR) Task Force – www.DIR.ORG • With financial support from the European Commission - Directorate-General Justice, Freedom and Security; Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks Programme. • Cyber-Security is NOT sexy –we’re telling users they are frequently the cause of problems –but being protected is better for them, their employer and wider Internet.

  3. Agenda • What we do • A word from our sponsors! • Growth of Internet access • Broadband access and speeds • Vulnerabilities and attack traffic • Compromised devises, attack vectors and Video – watch carefully, see if you can see some of the tricks. • Why and how do the bad guys use YOU • Using compromised devices is an efficient way to gain information, generate revenue or cause disruption. • How resilient is the Internet • It is as safe as you make it! • References • Any questions.

  4. Real Time Data – 29th Nov 2010 • 12 billion users per day • 1,869 ISPs host CDNS servers. • 160,731,688 names on platform • 636,707 updates on 8th March 2013 • Peaked at 193,000 transactions per second • Capacity is 855 billion per second! www.CDNS.net/live_stats.html

  5. CDNS - Server Locations 55 locations, 48 Countries, 24x7x365 NOCs in UK, USA and Japan, monitoring, serving and blocking malicious traffic for DNS, WEB and other applications

  6. DNS – Reflection attacks • DDoS Increasing • DNSSEC has much larger payload • DNS Amplification attacks increasing • 23rd March 2012 7.6m queries per sec peak, >2m queries per sec for approx 24 hour • Genuine traffic <300,000 queries per second 6

  7. Network monitoring for DNS and more • Improving cyber-security for customers. • Managing Anycast cloud represents approximately 30% of the job and is technically relatively easy. • 70% is network monitoring, looking for “bad” guys who seek to change DNS data or introduce anomalies for personal gain.

  8. European Broadband – July 2012 European Commission Communications Committee - Digital Agenda, July 2012

  9. Broadband lines by speed and country European Commission Communications Committee - Digital Agenda, July 2012

  10. Mobile Broadband - Jan 2009 to July 2012 European Commission Communications Committee - Digital Agenda, July 2012

  11. Year on Year growth - 2011 v 2012 • Attack traffic is increasing dramatically. European Commission DG INFSO, Unit C4: Economical and Statistical Analysis

  12. Total attack types 2012 European Commission DG INFSO, Unit C4: Economical and Statistical Analysis

  13. Home DSL Router vulnerability test results • It works!! -leave it alone • Majority of home users buy their router and do not install security patches. • UK – 19m DSL Routers, 35% compromised, average upstream say 0.5Mbps = DDoS of 3.3Tbps or 3325Gbps

  14. Cyber-espionage - You’ve got mail!

  15. How mail system works…. Message: Broken into Packets, Numbered and dispatched Receiver: Acknowledge receipt, lost packets are resent, Reassembled in order

  16. Emailing your Bank – DNSSEC helps a bit

  17. 2011 Denial of Service Attack Vectors • UDP popular “hook” for initiating attacks as is SYN – the TCP three way handshake

  18. 2012 Attack vectors • DNS Attacks almost tripled Q1 2011 to Q1 2013 from 2.35% to 4.67%

  19. Top 10 countries - sources of DDoS attacks • UK – has almost 19million home/office Broadband connections.

  20. 2011 – Top 10 DDoS source countries.

  21. 2012 – Top 10 DDoS source countries.

  22. Compromised Devices by Country Source: Panda Security

  23. ASN – Most used ASN for DDoS • Counterfeit software is NOT patched by supplier therefore vulnerable to compromise.

  24. Work - Bad guys “fish, where fish are!” • In US – 77% of employees use social media during worktime. • 33% of companies have been infected by malware through social media channel • 57% of companies have Policies regulating use • 81% have staff dedicated to monitoring and implementing Policies • 62% do not allow these sites to be accessed • Android smart phone are the new target 37% Panda Labs Q3 2012 Quarterly Report

  25. Why do they do it- Reason for cyber-crime Panda Labs Q3 2012 Quarterly Report

  26. How the “bad guys” corrupt systems Game Apps

  27. Botnets as a Service.

  28. How much to know your competitors?

  29. How Resilient is the Internet? • Very – BUT …. Progress means things are changing fast…….. • To keep ahead of the bad-guys, needs careful monitoring • Need to check your DNS settings and services regularly • Do not rely on the Public Internet, make good use of private VPN’s that use IP address (IPv4 and IPv6) rather than just standard “name” resolution. • Encrypt private communications – PKI, like PGP etc • Periodically check for inconsistencies such as the way staff terminals use the Internet. • Smart Phones are now the target, so they need scanning where users interact with social media sites and may download viruses to act as Trojan on home and work networks.

  30. References • PHP Vulnerability -Injection Attack • http://security.radware.com/itsoknoproblembro/ • SOAP Vulnerable Products: • https://docs.google.com/spreadsheet/ccc?key=0ApUaRDtAei07dGxkSHN1cEN3V2pmYW4yNkpZMlQ0Rmc#gid=0 • Around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. • UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. • http://www.defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf • Java (again) - turn off Java Runtime Environment https://blogs.oracle.com/security/entry/february_2013_critical_patch_update

  31. Happy Birthday nic.LV!!! Paul.Kane@CDNS.net Thank you

More Related