Summary
Largest Volumetric Attack in Q3
• Verisign defended a multi-vector attack against the IT Services/Cloud/SaaS vertical:
  • TCP SYN flood
  • Internet Control Message Protocol (ICMP) floods
  • UDP reflected/spoofed attacks (primarily NTP)
  • Peaked at 60 Gbps and 12 Mpps
Primary Attack Vector Used in Q3
• UDP floods consisting of NTP, DNS and SSDP traffic
Trend to Watch – Hackers target iOS and Linux operating systems to deploy malware
• iOS: XcodeGhost malware
• Linux: Ballpit botnet
Mitigations by Attack Size
• 1/3 of attacks peaked over 5 Gbps
• 1 in 5 peaked over 10 Gbps
• Attacks in the 5-10 Gbps and over 10 Gbps ranges more than doubled from the previous quarter
[Chart: Mitigation Peaks by Quarter]
Mitigations by Vertical
• IT Services / Cloud / SaaS experienced the largest volume of attacks in Q3
  • Over 1/3 of all attacks
  • Peaked at 60 Gbps and 12 Mpps
• Media & Entertainment was the 2nd most targeted industry
  • 26% of attacks mitigated by Verisign
  • Averaging 4.4 Gbps
• Other sectors remain heavily targeted
  • Financial: 15% of attacks, averaging 2 Gbps
  • Public: 13% of attacks, averaging 8 Gbps
[Chart: Mitigation by Industry]
Mitigations by Vertical
[Chart: YTD Attack Size by Industry]
• IT Services / Cloud / SaaS and Media & Entertainment industries both experienced the largest peak attack sizes this year
  • Both ≥ 80 Gbps
XcodeGhost Brings Apple App Store Vulnerabilities to the Forefront
Summary: First identified in September on the Chinese microblog site Sina Weibo, XcodeGhost is an infection of Xcode, the framework developers use to create apps for Apple’s iOS and OS X operating systems. iDefense research analysts leveraged authoritative DNS traffic patterns to examine a snapshot of NXDOMAIN transactions and found that, even though the C&C domain delegations are removed and therefore disabled, the domains were still receiving a large number of queries per day.
Recommendations: Uninstall infected apps until they are updated and change the related Apple ID password immediately. Be cognizant of any dialogue boxes (e.g., emails or push notifications) that show up on screens and do not enter any information without verifying the source.
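The DNS-side observation above (a C&C domain whose delegation is gone still drawing queries) is something a defender can reproduce from their own resolver or authoritative logs. The script below is an added example, not iDefense's tooling: it aggregates NXDOMAIN answers by day and registered domain, counts distinct clients, and flags names that keep attracting lookups from several hosts. The log line format, the placeholder domain names and the thresholds are all assumptions; the two-label "registered domain" collapse is a simplification (real tooling would consult the public suffix list).

```python
"""Aggregate NXDOMAIN responses by day and domain from a constructed DNS log.
Added example: the format and thresholds are assumptions, not iDefense's."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: "<ISO timestamp> <client IP> <qname> <rcode>".
# The names are placeholders, not real XcodeGhost C&C domains.
SAMPLE_LOG = """\
2015-09-20T10:00:01Z 203.0.113.5 init.example-c2.test NXDOMAIN
2015-09-20T10:00:02Z 203.0.113.9 init.example-c2.test NXDOMAIN
2015-09-20T10:00:03Z 198.51.100.2 www.legit.test NOERROR
2015-09-20T10:00:04Z 203.0.113.12 init.example-c2.test NXDOMAIN
2015-09-20T10:00:05Z 198.51.100.7 typo.legit.test NXDOMAIN
2015-09-21T09:00:01Z 203.0.113.5 init.example-c2.test NXDOMAIN
2015-09-21T09:00:02Z 203.0.113.31 init.example-c2.test NXDOMAIN
2015-09-21T09:00:03Z 198.51.100.2 www.legit.test NOERROR
"""


def registered_domain(qname: str) -> str:
    """Collapse a query name to its last two labels (simplification: a real
    implementation would use the public suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def nxdomain_counts(log_text: str) -> dict:
    """Return {(day, domain): (nxdomain_query_count, distinct_clients)}."""
    counts = defaultdict(int)
    clients = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        if rcode != "NXDOMAIN":
            continue
        day = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date().isoformat()
        key = (day, registered_domain(qname))
        counts[key] += 1
        clients[key].add(client)
    return {k: (counts[k], len(clients[k])) for k in counts}


def still_active(log_text: str, min_queries: int = 2, min_clients: int = 2) -> list:
    """Domains that keep drawing NXDOMAIN queries from several clients on the
    same day: a removed delegation that still has callers (infected hosts)."""
    return sorted(
        (day, dom, n, c)
        for (day, dom), (n, c) in nxdomain_counts(log_text).items()
        if n >= min_queries and c >= min_clients
    )


if __name__ == "__main__":
    for day, dom, n, c in still_active(SAMPLE_LOG):
        print(f"{day} {dom}: {n} NXDOMAIN answers from {c} clients")
```

A single-client, single-query NXDOMAIN (the `typo.legit.test` line) is filtered out by the distinct-client threshold, which is what separates ordinary typos from a population of hosts all asking for the same dead name.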
Ballpit Botnet Exploits Linux
Summary: Ballpit is a Linux client/server-based botnet believed to power LizardSquad’s denial of service (DoS) tool, LizzardStresser.su. Verisign iDefense recently collected intelligence on the infrastructure of a Ballpit variant that now also includes a Microsoft Windows® payload. The infrastructure spans at least six C&C server IP addresses, all of which iDefense believes are managed by the same actors.
Recommendations: Monitor inbound network traffic to perimeter defense devices in order to detect TCP or UDP traffic spikes that may indicate a DDoS attack. Disable public-facing Telnet services. However, if these services are critical to operations, organizations should be sure to monitor for brute-force login attempts.
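The first recommendation, watching perimeter counters for TCP or UDP spikes, can be implemented as a simple per-protocol baseline comparison. The script below is an added example and not Verisign's mitigation logic: it takes constructed per-second counters (epoch second, protocol, bytes, packets) such as a firewall or router might export, builds a median baseline from the first few seconds, and reports each second/protocol whose byte or packet rate exceeds the baseline by a multiplier. Reporting both Gbps and Mpps matters because a SYN flood can be modest in bandwidth yet extreme in packet rate, while a reflected UDP flood is the reverse. The record format, window, multiplier and floor are assumptions.

```python
"""Flag per-protocol traffic spikes in constructed per-second flow counters.
Added example, not Verisign's code; format and thresholds are assumptions."""
from collections import defaultdict
from statistics import median

# Constructed counters: (epoch second, protocol, bytes, packets). Seconds 0-4
# are quiet; seconds 5-6 carry an invented UDP flood (60 Gbps, 5 Mpps) and a
# SYN flood (4.8 Gbps, 12 Mpps). Values are made up for the example.
SAMPLE_COUNTERS = (
    [(t, "tcp_syn", 1_000_000, 10_000) for t in range(5)]
    + [(t, "udp", 50_000_000, 50_000) for t in range(5)]
    + [(t, "icmp", 100_000, 1_000) for t in range(5)]
    + [(t, "tcp_syn", 600_000_000, 12_000_000) for t in (5, 6)]
    + [(t, "udp", 7_500_000_000, 5_000_000) for t in (5, 6)]
    + [(t, "icmp", 100_000, 1_000) for t in (5, 6)]
)


def to_gbps(bytes_per_second: int) -> float:
    """Bytes per second to gigabits per second, rounded for reporting."""
    return round(bytes_per_second * 8 / 1e9, 3)


def to_mpps(packets_per_second: int) -> float:
    """Packets per second to millions of packets per second."""
    return round(packets_per_second / 1e6, 3)


def baseline(records: list, window: int) -> dict:
    """Median bytes/s and packets/s per protocol over the first `window` seconds."""
    per_proto = defaultdict(lambda: ([], []))
    for ts, proto, nbytes, npkts in records:
        if ts < window:
            per_proto[proto][0].append(nbytes)
            per_proto[proto][1].append(npkts)
    return {p: (median(b), median(k)) for p, (b, k) in per_proto.items()}


def detect_spikes(records: list, window: int = 5, factor: float = 10.0,
                  min_gbps: float = 1.0) -> list:
    """Return sorted (ts, proto, gbps, mpps) for seconds where a protocol's
    byte or packet rate exceeds `factor` times its baseline and the byte rate
    clears `min_gbps`, so that noise on a near-zero baseline is not reported."""
    base = baseline(records, window)
    hits = []
    for ts, proto, nbytes, npkts in records:
        if ts < window or proto not in base:
            continue
        base_bytes, base_pkts = base[proto]
        byte_spike = nbytes > factor * base_bytes
        pkt_spike = npkts > factor * base_pkts
        if (byte_spike or pkt_spike) and to_gbps(nbytes) >= min_gbps:
            hits.append((ts, proto, to_gbps(nbytes), to_mpps(npkts)))
    return sorted(hits)


def peak(records: list) -> tuple:
    """Highest observed (gbps, mpps) across all protocols, for reporting."""
    return (max(to_gbps(b) for _, _, b, _ in records),
            max(to_mpps(k) for _, _, _, k in records))


if __name__ == "__main__":
    for ts, proto, gbps, mpps in detect_spikes(SAMPLE_COUNTERS):
        print(f"t={ts}s {proto}: {gbps} Gbps, {mpps} Mpps")
    print("peak:", peak(SAMPLE_COUNTERS))
```

The `min_gbps` floor is deliberate: a protocol that normally carries almost nothing (ICMP here) would otherwise trip the multiplier on tiny absolute changes. In production the baseline would be a longer rolling window rather than the first few seconds, but the comparison itself is the same.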
Read the Full Report
Visit www.Verisign.com/ddostrends to download a copy
© 2015 VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of
VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.