INTELLIGENT BRANDS // Enterprise Security
• USA, France and Great Britain are the top targets for attacks over 10Gbps
As Arbor’s Security Engineering & Research Team (ASERT) recently documented, large DDoS attacks do not require the use of reflection amplification techniques. LizardStresser, an IoT botnet, was used to launch attacks as large as 400Gbps targeting gaming sites worldwide, Brazilian financial institutions, ISPs and government institutions. According to ASERT, the attack packets do not appear to be from spoofed source addresses, and no UDP-based amplification protocols such as NTP or SNMP were used.
When average is a problem
A 1Gbps DDoS attack is large enough to take most organisations completely offline.
• Average attack size in 1H 2016 was 986Mbps, a 30% increase over 2015
• Average attack size is projected to be 1.15Gbps by end of 2016.
“The data demonstrates the need for hybrid, or multi-layer DDoS defence,” said Darren Anstee, Arbor Networks Chief Security Technologist. “High bandwidth attacks can only be mitigated in the cloud, away from the intended target. However, despite massive growth in attack size at the top end, 80% of all attacks are still less than 1Gbps and 90% last less than one hour. On-premise protection provides the rapid reaction needed and is key against ‘low and slow’ application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS.”
A time for reflection
Reflection amplification is a technique that allows an attacker to both magnify the amount of traffic they can generate and obfuscate the original sources of that attack traffic. As a result, the majority of recent large attacks leverage this technique using DNS servers, Network Time Protocol (NTP), Chargen and Simple Service Discovery Protocol (SSDP). In 1H 2016:
• DNS is the most prevalent protocol used in 2016, taking over from NTP and SSDP in 2015
• Average size of DNS reflection amplification attacks is growing strongly
• Peak monitored reflection amplification attack size in 1H 2016 was 480Gbps (DNS).
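Because a reflection attack arrives at the victim as unsolicited, oversized UDP responses from many reflectors at once, a defender can spot it in flow data without seeing the spoofed requests at all. The script below is an added illustration, not code from Arbor or ASERT: it groups inbound UDP flows by victim and by the reflector service named in the report (DNS, NTP, Chargen, SSDP) and reports any pair with many distinct reflector sources and a large average packet size. The flow records, the thresholds and the one-minute measurement window are constructed assumptions for the example.

```python
"""Flag inbound UDP flows that look like reflection amplification responses.

Added illustration (not Arbor/ASERT code). The input is a list of
constructed flow-style records; a real deployment would read NetFlow,
IPFIX or pcap and feed records of the same shape into the same function.
"""
from collections import defaultdict

# Well-known UDP services abused as reflectors, as named in the report:
# DNS (53), NTP (123), Chargen (19), SSDP (1900).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 19: "Chargen", 1900: "SSDP"}


def summarize_reflection(flows, min_sources=3, min_avg_bytes=400,
                         window_seconds=60):
    """Group inbound UDP flows by (victim, reflector protocol).

    A (victim, protocol) pair is reported when traffic arrives from at least
    `min_sources` distinct reflector addresses and the average packet size is
    at least `min_avg_bytes`. Amplified responses are large, and a host that
    sent no queries would not normally receive big answers from many
    resolvers at once. All thresholds are illustrative assumptions.
    """
    groups = defaultdict(lambda: {"sources": set(), "bytes": 0, "packets": 0})
    for f in flows:
        if f["proto"] != "udp":          # reflection here is UDP-based
            continue
        name = REFLECTOR_PORTS.get(f["src_port"])
        if name is None:                 # not a known reflector service
            continue
        g = groups[(f["dst"], name)]
        g["sources"].add(f["src"])
        g["bytes"] += f["bytes"]
        g["packets"] += f["packets"]

    findings = []
    for (victim, name), g in groups.items():
        avg = g["bytes"] / g["packets"] if g["packets"] else 0
        if len(g["sources"]) >= min_sources and avg >= min_avg_bytes:
            findings.append({
                "victim": victim,
                "protocol": name,
                "reflectors": len(g["sources"]),
                "avg_packet_bytes": round(avg),
                # crude rate estimate over the assumed collection window
                "mbps": round(g["bytes"] * 8 / window_seconds / 1e6, 2),
            })
    return sorted(findings, key=lambda x: x["reflectors"], reverse=True)


def _dns_flow(src, dst):
    # constructed: 1000 packets of 3000 bytes each (large DNS answers)
    return {"src": src, "src_port": 53, "dst": dst, "dst_port": 4321,
            "proto": "udp", "packets": 1000, "bytes": 3_000_000}


def _ntp_flow(src, dst):
    # constructed: 500 packets of 468 bytes each (large NTP responses)
    return {"src": src, "src_port": 123, "dst": dst, "dst_port": 9999,
            "proto": "udp", "packets": 500, "bytes": 234_000}


# Constructed sample flows using documentation address ranges.
SAMPLE_FLOWS = [
    # DNS reflection toward 203.0.113.10 from four open resolvers
    _dns_flow("198.51.100.1", "203.0.113.10"),
    _dns_flow("198.51.100.2", "203.0.113.10"),
    _dns_flow("198.51.100.3", "203.0.113.10"),
    _dns_flow("198.51.100.4", "203.0.113.10"),
    # NTP reflection toward the same victim from three servers
    _ntp_flow("192.0.2.11", "203.0.113.10"),
    _ntp_flow("192.0.2.12", "203.0.113.10"),
    _ntp_flow("192.0.2.13", "203.0.113.10"),
    # Ordinary DNS answers to another host: one resolver, small packets
    {"src": "198.51.100.53", "src_port": 53, "dst": "203.0.113.20",
     "dst_port": 50001, "proto": "udp", "packets": 20, "bytes": 2_400},
    # TCP on port 53 is not UDP reflection and is ignored
    {"src": "198.51.100.1", "src_port": 53, "dst": "203.0.113.10",
     "dst_port": 40000, "proto": "tcp", "packets": 10, "bytes": 5_000},
]


if __name__ == "__main__":
    for finding in summarize_reflection(SAMPLE_FLOWS):
        print(finding)
```

Run on the sample, the DNS and NTP groups aimed at 203.0.113.10 are reported while the single-resolver DNS traffic to 203.0.113.20 is not; tuning `min_sources` upward is the usual way to trade sensitivity for fewer false positives on busy resolvers.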
At a glance…
Kaspersky Lab tracks 100+ globally sophisticated malicious campaigns
There used to only be dozens of threat actors, but the Kaspersky Lab Global Research and Analysis team now tracks the activity of more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organisations in 85 countries. The growing numbers show that sophisticated threat actors are actively improving and extending their arsenal, and a lot of new actors are coming to the stage, significantly raising the overall levels of danger.
Targeted attacks are not an elite activity anymore. While in previous years this kind of operation would require a lot of specialists with specific skills and a lot of funding, nowadays Kaspersky Lab researchers are observing the emergence of smaller, and not necessarily sophisticated, yet efficient cyber espionage campaigns. These groups are hunting for sensitive information, which can be used to gain geopolitical advantages or even sold to anyone willing to pay.
Based on the analysis of the intelligence gathered on these campaigns, Kaspersky Lab researchers have been able to create a list of the organisations most at risk of becoming the target of cyber espionage or of a sophisticated cybercriminal operation.
Targeted attacks are a major problem because the tactics of almost any of the existing groups involve tools that overcome traditional endpoint and network protection solutions. Even if those solutions are effective against common, and some sophisticated, malware, they cannot provide a 100% detection guarantee when it comes to targeted attacks. This is because the actors behind sophisticated campaigns are professionals in social engineering, they may use zero-day vulnerabilities, and they are increasingly using legitimate remote access tools instead of actual malware. That is why reliable security software in a corporate IT infrastructure must nowadays be accompanied by intelligence: security teams need to be backed up with expertise, so that they know when to be alarmed, and what clues to look for if their organisation becomes a threat actor’s target.
www.intelligentcio.com