Cyber Attacks: Strategies and Techniques to Understand, Prevent and Protect Against Network Attacks
Analysis of DDoS Attacks and Countermeasures
Alessandro Tagliarino – Presales Team Leader
6 November 2017

WHO IS ARBOR NETWORKS?
• 100%: Percentage of world’s Tier 1 service providers who are Arbor customers
• >110: Number of countries with Arbor products deployed
• 25%: Amount of global traffic monitored by the ATLAS security intelligence initiative right now!
• #1: Arbor market position in Carrier, Enterprise and Mobile DDoS equipment market segments
• 17: Number of years Arbor has been delivering innovative security and network visibility technologies & products
http://Digitalattackmap.com

Overview
This presentation provides a summary of the results of Arbor Networks’ 12th annual Worldwide Infrastructure Security Report (WISR)
The WISR documents the collective experiences, observations and concerns of the operational security community in 2016 plus forecasts for the coming year
The WISR has changed immeasurably in terms of its scope and scale over 12 years, but the core goal is still to provide real insight into infrastructure security from an operational perspective

Survey Demographics
• SP respondents: 51% Tier 2/3 operators & 25% Tier 1
• EGE respondents: 61% enterprise, 35% education & 14% government
• Enterprise: 32% banking/finance, up from 18% last year.
• Technology, automotive/transportation and manufacturing are also well represented, rounding out the top 4
• Geographic Split: 32% North America, 28% Europe, 23% APAC, 10% Middle East/Africa & 7% LATAM

Things You Should Know About DDoS Attacks
• It's never been easier to launch a DDoS attack.
• DDoS attacks are increasing in size, frequency and complexity.
• DDoS attacks are used as smokescreens or forms of diversion during advanced threat campaigns [2].
• One of the top 3 causes of unplanned outages, DDoS attacks are the most costly to an organization [3]
Did You Know? For $5/hr anyone can launch a DDoS attack and cause $100sK in damage
… DDoS attack size increasing [1]
… Increase in demand for DDoS Protection services [1]
… experienced multi-vectored attacks [1]
$5 : $100sK, DDoS for Hire
74% … involved DDoS as a diversion [2]
800 Gbps
42%
78%

Scale: Volumetric Attacks Increase
• Largest attack reported was 800 Gbps, with other respondents reporting attacks of 600 Gbps, 550 Gbps, and 500 Gbps
• One third of respondents report peak attacks over 100 Gbps
• 41% of EGE respondents and 61% of data-center operators reported attacks exceeding their total Internet capacity

Scale: The ATLAS Perspective
• Peak monitored attack of 579 Gbps, 73% growth from 2015
• 558 attacks over 100 Gbps, 87 over 200 Gbps
– Compared to 223 and 16 in 2015
• 20% of attacks over 1 Gbps, as opposed to 16% in 2015
• Average attack size now 931 Mbps, up from 760 Mbps, a 23% increase

Scale: Driving Factors, IoT
The Problem
• Almost every piece of technology we buy is ‘connected’
• Devices are designed to be easy to deploy and use, often resulting in limited security capabilities
• Software is very rarely upgraded. Some manufacturers don’t provide updates, or the ability to install updates
The Result
• First high-profile attack using IoT devices Christmas 2013, using CPE and webcams
• In 2016 botnet owners started to recruit IoT devices en masse
• Attacks of 540 Gbps against the Olympics, 620 Gbps against Krebs, Dyn, etc.

Scale: Driving Factors, Mirai
• Billions of IoT devices connected to the Internet
– Estimates vary, 5B+, with millions added every day
• Arbor honeypot devices look for exploit activity on Telnet/SSH ports
• 1M login attempts from 11/29 to 12/12 from 92K unique IP addresses
• More than 1 attempt per minute in some regions
Mirai is designed to infect and control IoT devices and contains the code necessary to manage and build large-scale botnets

Scale: Driving Factors, Reflection Amplification
• Reflection Amplification attacks continue, but there has been some cyclic change in the protocols favored by attackers.
• Strong growth in the use of DNS (again) through 2016
• Largest monitored attack of 498.3 Gbps, a 97% jump from last year
– DNS and NTP attacks over 400 Gbps, Chargen over 200 Gbps

Complexity: Attack Types
• Volumetric attacks still represent the majority of activity for both SP and EGE respondents.
• 95% of SP report application layer attacks, 93% last year, 90% in 2014
• 67% of SP report multi-vector attacks, 56% last year, 32% in 2014
[Charts: Service Provider Attack Types; EGE Attack Types]

Complexity: Targeted Services
• DNS and HTTP the most common services targeted by application layer attacks
• Majority of SP and EGE respondents also see attacks targeting HTTPS
• 57% of EGE respondents see attacks targeting the application behind HTTPS
– Much higher than the 22% seen by SPs
– Cipher suites that prevent traffic inspection are a key problem
[Charts: EGE Service Targets; SP Service Targets]

Frequency: Up Across the Board
• 53% of SPs see more than 51 attacks per month, up from 44%
• 21% of data-centers see more than 50 attacks per month, up from 8%
• 45% of EGE see more than 10 attacks per month, up from 28%
• ATLAS is tracking 135,000 volumetric attacks per week.
[Chart: EGE]

Motivations: Many and Varied
• SPs see Online Gaming and Hacktivism as top motivations
• EGE see Ideological Hacktivism and Extortion as top
• 26% of EGE see DDoS for distraction, up from 12%

Impact: Targets
• SPs see Government, Finance and Hosting as top targets
• SPs seeing attacks on cloud services drop from one third to one quarter
• 42% of EGE respondents experienced an attack
– 63% of finance, up from 45%
– 53% of government, up from 43%

Impact: Data Center
• Nearly three quarters of data center respondents saw between 1 and 20 attacks that impacted their service in 2016
• Operational expenses are top business impact
• Significant increase in revenue loss, up from 33% to 42%
• 23% estimate cost of a significant attack over $100K, 5% estimate over $1M

Mitigation: SPs Continue to Impress
• 83% of SPs use IDMS to mitigate DDoS attacks
– Use of IDMS and D/RTBH are both increasing
• 77% of SPs mitigate attack in less than 20 minutes
– 27% mitigate automatically
• 78% of SPs see more demand from customers, up 4 percent over last year
– Government, Finance, eCommerce and Hosting are driving demand

Mitigation: Data Center Improves
• 60% use IDMS
• 40% use firewalls
– down from 71%

Mitigation: EGE Improves
• Firewalls, IPS/WAF and ACLs most common
• 35% use cloud DDoS mitigation
– Up from 28%
• 30% use layered DDoS mitigation
– Up from 23%

SP Organizational Security
• Nearly half of SPs now implement anti-spoofing filters
• Rehearsing DDoS attack processes and procedures is key
• 10% increase in SPs running simulations, 37% do this quarterly
• EGE 55% now run simulations, 40% do this quarterly
• Difficulty in hiring and retaining personnel remains a key issue for both SP and EGE respondents
Q&A