Cyber attacks increasing – keep your domain safe 20th anniversary of .LV HOSTS: Institute of Mathematics and Computer Science VENUE: Radisson Blu Daugava Hotel, Riga, Latvia. 19th April 2013.
Thank you to nic.LV • Inviting me and for working with us. • Congratulations on 20 reliable years, here’s to the next 20 years. • For being an active member of the Domain Name System Infrastructure Resilience (DIR) Task Force – www.DIR.ORG • With financial support from the European Commission - Directorate-General Justice, Freedom and Security; Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks Programme. • Cyber-Security is NOT sexy –we’re telling users they are frequently the cause of problems –but being protected is better for them, their employer and wider Internet.
Agenda • What we do • A word from our sponsors! • Growth of Internet access • Broadband access and speeds • Vulnerabilities and attack traffic • Compromised devises, attack vectors and Video – watch carefully, see if you can see some of the tricks. • Why and how do the bad guys use YOU • Using compromised devices is an efficient way to gain information, generate revenue or cause disruption. • How resilient is the Internet • It is as safe as you make it! • References • Any questions.
Real Time Data – 29th Nov 2010 • 12 billion users per day • 1,869 ISPs host CDNS servers. • 160,731,688 names on platform • 636,707 updates on 8th March 2013 • Peaked at 193,000 transactions per second • Capacity is 855 billion per second! www.CDNS.net/live_stats.html
CDNS - Server Locations 55 locations, 48 Countries, 24x7x365 NOCs in UK, USA and Japan, monitoring, serving and blocking malicious traffic for DNS, WEB and other applications
DNS – Reflection attacks • DDoS Increasing • DNSSEC has much larger payload • DNS Amplification attacks increasing • 23rd March 2012 7.6m queries per sec peak, >2m queries per sec for approx 24 hour • Genuine traffic <300,000 queries per second 6
Network monitoring for DNS and more • Improving cyber-security for customers. • Managing Anycast cloud represents approximately 30% of the job and is technically relatively easy. • 70% is network monitoring, looking for “bad” guys who seek to change DNS data or introduce anomalies for personal gain.
European Broadband – July 2012 European Commission Communications Committee - Digital Agenda, July 2012
Broadband lines by speed and country European Commission Communications Committee - Digital Agenda, July 2012
Mobile Broadband - Jan 2009 to July 2012 European Commission Communications Committee - Digital Agenda, July 2012
Year on Year growth - 2011 v 2012 • Attack traffic is increasing dramatically. European Commission DG INFSO, Unit C4: Economical and Statistical Analysis
Total attack types 2012 European Commission DG INFSO, Unit C4: Economical and Statistical Analysis
Home DSL Router vulnerability test results • It works!! -leave it alone • Majority of home users buy their router and do not install security patches. • UK – 19m DSL Routers, 35% compromised, average upstream say 0.5Mbps = DDoS of 3.3Tbps or 3325Gbps
How mail system works…. Message: Broken into Packets, Numbered and dispatched Receiver: Acknowledge receipt, lost packets are resent, Reassembled in order
2011 Denial of Service Attack Vectors • UDP popular “hook” for initiating attacks as is SYN – the TCP three way handshake
2012 Attack vectors • DNS Attacks almost tripled Q1 2011 to Q1 2013 from 2.35% to 4.67%
Top 10 countries - sources of DDoS attacks • UK – has almost 19million home/office Broadband connections.
Compromised Devices by Country Source: Panda Security
ASN – Most used ASN for DDoS • Counterfeit software is NOT patched by supplier therefore vulnerable to compromise.
Work - Bad guys “fish, where fish are!” • In US – 77% of employees use social media during worktime. • 33% of companies have been infected by malware through social media channel • 57% of companies have Policies regulating use • 81% have staff dedicated to monitoring and implementing Policies • 62% do not allow these sites to be accessed • Android smart phone are the new target 37% Panda Labs Q3 2012 Quarterly Report
Why do they do it- Reason for cyber-crime Panda Labs Q3 2012 Quarterly Report
How the “bad guys” corrupt systems Game Apps
How Resilient is the Internet? • Very – BUT …. Progress means things are changing fast…….. • To keep ahead of the bad-guys, needs careful monitoring • Need to check your DNS settings and services regularly • Do not rely on the Public Internet, make good use of private VPN’s that use IP address (IPv4 and IPv6) rather than just standard “name” resolution. • Encrypt private communications – PKI, like PGP etc • Periodically check for inconsistencies such as the way staff terminals use the Internet. • Smart Phones are now the target, so they need scanning where users interact with social media sites and may download viruses to act as Trojan on home and work networks.
References • PHP Vulnerability -Injection Attack • http://security.radware.com/itsoknoproblembro/ • SOAP Vulnerable Products: • https://docs.google.com/spreadsheet/ccc?key=0ApUaRDtAei07dGxkSHN1cEN3V2pmYW4yNkpZMlQ0Rmc#gid=0 • Around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. • UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. • http://www.defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf • Java (again) - turn off Java Runtime Environment https://blogs.oracle.com/security/entry/february_2013_critical_patch_update
Happy Birthday nic.LV!!! Paul.Kane@CDNS.net Thank you