In the Cloud Security - Akamai

wallbroadSecurity

Dec 3, 2013 (3 years and 8 months ago)

Akamai Confidential

©2011 Akamai

In the Cloud Security

Highlighting the Need for Defense-in-Depth

R. H. Powell IV

Director, Government Solutions

CISSP

Rpowell@Akamai.com


W: 703.621.4029

M: 703.867.5899

Headlines You May Have Seen

Headlines You DID NOT See

President Delays Trip Due to Cyber Attacks

Independence Day Attacks Paralyze the U.S.

Financial & Government Websites Attacked and Taken Down: Stocks Show Concerns

The Threat is Real

DDoS is the #1 Preferred Method of Attack (TrustWave 2011)

74% of surveyed companies experienced one or more DDoS attacks in the past year, 31% of these attacks resulting in service disruption
-- Forrester Research

LulzSec, Anonymous declare war on government websites. Hacker groups call for stealing, leaking classified information
By Kevin McCaney, Jun 20, 2011

Akamai Attack Trends in 2011

Total DDoS attack volume against Akamai customers is growing 100% 2010-2011

Average Attack sizes are in the 3-10 Gbps range

Attacks are originating from all geographies and are moving between geographies during the attack

[Chart: Akamai DDoS Attack Trend Data, 2009 to 2011]

2011 volume is projected based on actuals through September

The Akamai network saw more DDoS attacks in the fourth quarter of 2010 than in the first three quarters of the year combined
-- Tom Leighton, Chief Scientist, Akamai Technologies

Why?

Extortion / Theft

Political Hacktivism

State Sponsored

Traditional Hackers: Glory Hounds

July 4th DDoS Attack Timeline

Distributed, Agile and Multi-Phased Attack

“The first list had only five targets - all U.S. government sites. A second list used by the malware on July 6 had 21 targets, all U.S. government and commercial sector sites, including e-commerce and media sites. A list on the 7th switched out some of the U.S. sites for ones in South Korea. …”
-- Joe Stewart, director of malware research at SecureWorks

“While Treasury Department and Federal Trade Commission Web sites were shut down by the software attack, which lasted for days over the holiday weekend, others such as the Pentagon and the White House were able to fend it off with little disruption”
-- New York Times

Akamai Provides Customers the Ability to “Fight Through” the Attack!


All Targeted Applications on the Akamai Platform Remained Available.

All Targeted Applications not on the Akamai Platform were Rendered Unavailable.

Protected Akamai Customers from Effects

Absorbed: 1M+ Hps; 200+ Gbps; 300k+ Attack IPs

Denied the Attacker - Effects on Targets

Maintained Customer Brand Integrity

Provided Near Real-Time SA & Alerting

Provided Analysis to US Cyber Officials


Oct 5, 2011: Vulnerability Scanning Shut Down

- Scanning triggers alerts

- Offending requests are identified and denied <4hrs

Holiday Season 2010 - DDoS Attacks

Attacked eCommerce Web Sites Protected by Akamai

PROTECTED

                            Customer #1  Customer #2  Customer #3  Customer #4  Customer #5
Times Above Normal Traffic  9,095x       5,803x       3,115x       2,874x       1,807x
Peak Attack Time (GMT)      11/30 2PM    12/1 2PM     11/30 2PM    12/1 1PM     12/1 1PM

Highly distributed international DDoS attacks from Asia-Pac, South America and Middle East

[Figure panels: Customer 1, Customer 2, Customer 3]

Averted $15M in Lost Revenue

Customer Telemetry - Q2 2011

During LOIC Attacks

Average response time during attack: 0.87 seconds.

Availability during the LOIC attack: 100%

Bitcoin

Let’s hold somebody ransom (the actual ransom note)

Your site www.#####.de will be subjected to DDoS attacks 100 Gbit/s.

Pay 100 btc (bitcoin) on the account


1ACFJHoB8Z3KDwDn6XdNTEJb6S7VsQiLZG



Do not reply to this email

BitCoin - The attack

Akamai’s response

FBI Attack Warning

The Tip ->

The Response ->

The Result ->