Lyamin GroupIB Report 2015
qrator.net 2015
DDOS ATTACKS IN RUSSIA: 2015
(and beyond)
The number of DDoS attacks decreased in 2015.
(opinion)
?
Facts and figures
Metric: 2015 1H (trend) 2014 1H
Attacks neutralized: 9 347 ↑ 2 715
Average attacks per day: 51 ↑ 15
Max. per day: 109 ↑ 38
Average botnet size: 1 053 ↓ 1 918
Max. botnet size: 162 528 ↓ 420 489
Average duration, hours: 6 ↓ 11
Max. duration, days: 122 ↑ 91
Spoofed attacks: 6 065 ↑ 1 557
Attacks over 1 Gbps: 276 ↑ 198
Attacks over 10 Gbps: 150 ↑ 92
Attacks over 100 Gbps: 67 ↑ 45
Breakdown by industry
1H15 increment 1H14
Payment systems 53,2 582%
Taxi 18,9 503%
Social Networks 18,8 647%
Real Estate 16,8 236%
Advertisement 11,4 -14%
Travel 8,8 46%
Banks 6,7 223%
Medicine 5,8 28%
Promo 5,5 88%
E-commerce 5,0 149%
Government 5,0 4%
Mass media 4,4 -54%
Info 4,2 -4%
Coupons 3,3 74%
Forex/Exchange 2,2 -69%
Trade 2,1 36%
Insurance 2,1 40%
Microfinance 1,7 -32%
Games 1,6 -31%
Online Cinema 1,4 -23%
Speaking of the press
From: Armada Collective ( with love ) <[email protected]>
P.S. Qrator sucks. They can’t block massive UDP floods, but with them massive UDP
floods are not even necessary, because small sophisticated TCP attacks are passing
through their firewalls.
Also, they don’t work very well with HTTP attacks.
For recommendation of better protection (and probably cheaper than them) we can
inform you once we get your payment.
Amplifiers in IPv4
[Chart: number of amplifiers in IPv4 over time, 2014-04-21 to 2015-09-03, vertical axis from 0 to 60 000 000; series: Chargen, NTP, DNS, SNMP, SSDP, Total]
But still enough
And kids are making use of it
Incredible! As this is not easy. Knock down one server all went down ... Well
hrvatskitelekom I mean really. Let you alone for now.
- KuNaNeT (@ KuNaNetw0rk) September 22, 2015
Let's talk about the grown-ups
BGP hijacking
As first reported here: http://blog.bofh.it/id_456 ROS recommended using BGP hijacking
and Hacking Team helped with the setup of new RAT CnC servers.
Report2014.groupIB.ru
http://radar.qrator.net
Out of the mouths of babes comes the Truth
small sophisticated TCP attacks