Embed Size (px)
DESCRIPTION
http://www.prolexic.com | Multi-vector DDoS attack campaigns make DDoS mitigation more difficult. Multiple attack vectors make it less likely the attack can be blocked with automated devices. In addition, the DDoS mitigation team has to track more details and to fight the attack on multiple fronts simultaneously. In this slideshow, Prolexic examines a recent DDoS attack that involved a dozen attack vectors, and explains how they fought back.
Citation preview
www.prolexic.com
Attack Spotlight: Multi-Vector DDoS Attacks
An attack against a global financial firm
www.prolexic.com
Key facts about the DDoS attack
• Distributed denial of service (DDoS) attack mitigated by Prolexic in Q4 2013
• Targeted a global financial organization
• Multi-vector attack
• Well-orchestrated and sophisticated attack
• Four days and nights
• Multiple botnets
• Attack signatures and methods changed throughout the campaign
• Mobile phones played a pivotal role
www.prolexic.com
Asian botnets played a key role in the Attack
• Main source countries – Indonesia
– China
– U.S.
– Mexico
• Source was hidden behind a super proxy – Legitimate users may use a super proxy for privacy
– Increases mitigation challenge to avoid blocking uninvolved users of the super proxy
www.prolexic.com
It was a massive multi-vector attack
• At least 12 different attacks – Network layer (Layer 3)
– Application layer (Layer 7)
– Use of mobile phones
– Hacktivist message
• Multi-vector attacks are more likely to bypass automated DDoS mitigation devices
www.prolexic.com
Real-time human expertise was needed to
block the campaign
• To block the attack, Prolexic combined – Advanced DDoS mitigation technology
– Skilled DDoS mitigation experts
• Experts monitored and responded to the attack in real-time
• When the attack changed, the mitigation method had to change
• Experts crafted a response to block every new attack
www.prolexic.com
Attack components: Low Orbit Ion Cannon
(LOIC)
• Supporters download the tool and opt-in to lend their computing resources
• Members of the Anonymous cooperative control participating devices
• Controlled via – Internet relay chat (IRC)
– URL shortening services, such as Bit.ly
www.prolexic.com
Attack components: Mobile phones
• New DDoS trend
• 6.8 million mobile devices worldwide
• More than half the world’s mobile users are in Asia – China – India
• Mobile devices – Are vulnerable to malware – May become part of a botnet unwittingly – May be deliberately used by downloading a mobile
DDoS apps
www.prolexic.com
Attack components: Mobile phones, continued
• Easy-to-use mobile DoS apps are available for download
• AnDOSid – Android app
– Produces POST floods
• Mobile LOIC – Android app
– Available from mainstream app store in December 2013
www.prolexic.com
Prolexic Q4 2013 Global Attack Report
• Download the Q4 2013 Global Attack Report for: – More details about this attack
– Attack signatures used
– DDoS attack trends
– Year-over-year and quarter-by-quarter comparisons
– Types of attacks used
– Network protocols at risk for abuse by attackers
– Industries targeted
– Details about real attacks mitigated by Prolexic
– Case study about the Asian DDoS threat
www.prolexic.com
About Prolexic
• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services
• Prolexic has successfully stopped DDoS attacks for more than a decade
• Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers
