Slideshow: Q3 2014 SSDP UPnP Devices DDoS Attacks from StateoftheInternet.com

Unmonitored routers, wearables and other Internet-enabled devices give cybercriminals a new means of DDoS attack. Learn how SSDP and UPnP protocols leave these devices open to abuse and find out what you can do to protect your organization. View this short presentation, and then get all the details from the full Q3 2014 State of the Internet – Security report at

Slides: 11
Provided by: Akamai

Transcript and Presenter's Notes


1
Q3 2014 State of the Internet – Security Report
  • Case Study

2
Botnets of New Types of Devices
  • As system hardening tactics and protection for
    PCs and servers have strengthened, attackers have
    shifted their attention to a new class of devices
    for building DDoS botnets:
      • Commercial routers
      • Customer-premise equipment (CPEs)
      • Mobile handheld devices
      • Video conference devices
      • Internet of Things (IoT) devices
  • A DDoS botnet can leverage thousands of
    low-bandwidth devices for a large attack

3
Unmanaged and Unmonitored Devices
  • Several factors make Internet-enabled embedded
    devices vulnerable to abuse:
      • Insecure configurations
      • Outdated firmware
      • Lack of management and user interface to correct
        and update security issues
      • Lack of detection mechanisms
      • Unrestricted uploads
  • With more than 160 million wireless access points
    worldwide, these vulnerabilities represent a
    significant risk

4
SSDP Reflection Attacks
  • A recently discovered botnet development tool
    crafted to probe and find devices using the
    Simple Service Discovery Protocol (SSDP) reveals
    a powerful new attack vector
  • SSDP permits networked devices to find each other
    and establish a network connection
  • Scans have discovered more than 17 million
    SSDP-enabled devices
  • Malicious actors target these devices for
    reflection and amplification attacks
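
An added illustration, not part of the Akamai presentation: one way a defender could flag likely SSDP reflection victims in flow records captured at their own network edge, by looking for UDP traffic arriving from source port 1900 (the SSDP port) that no local host requested. The record layout, the sample addresses (documentation ranges) and the `min_reflectors` threshold are constructed assumptions.

```python
from collections import defaultdict

SSDP_PORT = 1900  # UDP port used by SSDP

# Constructed flow records: src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
192.0.2.10,50000,198.51.100.7,1900,udp,120
198.51.100.7,1900,192.0.2.10,50000,udp,320
203.0.113.1,1900,192.0.2.80,80,udp,3100
203.0.113.2,1900,192.0.2.80,80,udp,2900
203.0.113.3,1900,192.0.2.80,80,udp,3300
203.0.113.4,1900,192.0.2.80,443,udp,3000
203.0.113.9,443,192.0.2.80,51000,tcp,900
"""

def parse_flows(text):
    """Turn the CSV-style sample into tuples with integer ports and sizes."""
    flows = []
    for line in text.strip().splitlines():
        src, sport, dst, dport, proto, size = line.split(",")
        flows.append((src, int(sport), dst, int(dport), proto.lower(), int(size)))
    return flows

def find_reflection_victims(flows, min_reflectors=3):
    """Return hosts receiving unsolicited SSDP replies from many devices.

    min_reflectors is a hypothetical threshold; tune it to local traffic.
    """
    # (requester, device) pairs for which a discovery request was observed
    solicited = {(src, dst) for src, _, dst, dport, proto, _ in flows
                 if proto == "udp" and dport == SSDP_PORT}
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for src, sport, dst, _, proto, size in flows:
        if proto != "udp" or sport != SSDP_PORT:
            continue
        if (dst, src) in solicited:
            continue  # legitimate reply to a request this host really sent
        reflectors[dst].add(src)
        volume[dst] += size
    return {dst: {"reflectors": len(srcs), "bytes": volume[dst]}
            for dst, srcs in reflectors.items() if len(srcs) >= min_reflectors}

if __name__ == "__main__":
    print(find_reflection_victims(parse_flows(SAMPLE_FLOWS)))
```
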

5
Devices Using SSDP
  • SSDP is the basis of the discovery protocol of
    Universal Plug and Play (UPnP)
  • SSDP is enabled on millions of Internet-connected
    devices:
      • Routers
      • Network cameras
      • Smart TVs
      • Desktop computers
      • Laptops
  • Akamai research reveals that 38 percent of such
    devices in use may be susceptible to abuse

6
Highlighted Campaign
  • This new class of devices supports larger, more
    complex attacks:
      • High bandwidth consumption: 215 Gbps
      • Processing power consumption: 150 Mpps
      • Geographical distribution: U.S., Europe, and Asia
  • Almost 10 percent of IP addresses involved
    customer premises equipment devices (CPEs) with
    payloads that matched the Spike DDoS Toolkit
7
Geographical Dispersion of Source IPs
This figure shows the distribution of source IPs
from a Q3 2014 attack. The new class of devices
allows wider geographic distribution of attack
sources, which creates greater complexity when
mitigating DDoS campaigns.

8
DDoS Mitigation and Community Action
  • Mitigation is needed at both the device level and
    the administrator level
  • Security must be a fundamental part of the
    development of device firmware and applications
  • Mechanisms must be available to update and patch
    systems that will eventually fall vulnerable over
    their lifecycle
  • Industrywide collaboration is necessary to
    address this growing threat
  • Hardware vendors and software developers are
    needed to address the cleanup, mitigation and
    management of current and potential
    vulnerabilities during the lifecycle of these
    devices

9
Q3 2014 State of the Internet Security Report
  • Download the Q3 2014 State of the Internet
    Security Report, which includes:
      • Analysis of DDoS attack trends
      • Bandwidth (Gbps) and volume (Mpps) statistics
      • Year-over-year and quarter-by-quarter analysis
      • Application layer attacks and infrastructure
        attacks
      • Attack frequency, size and sources
      • Where and when DDoSers strike
      • How and why attackers are building DDoS botnets
        from devices other than PCs and servers
      • Details of a record-breaking 321 Gbps DDoS attack
      • Syrian Electronic Army (SEA) phishing attacks
  • More at www.stateoftheinternet.com/security-reports

10
About stateoftheinternet.com
  • StateoftheInternet.com, brought to you by Akamai,
    serves as the home for content and information
    intended to provide an informed view into online
    connectivity and cybersecurity trends as well as
    related metrics, including Internet connection
    speeds, broadband adoption, mobile usage,
    outages, and cyber-attacks and threats.
  • Visitors to www.stateoftheinternet.com can find
    current and archived versions of Akamai's State
    of the Internet (Connectivity and Security)
    reports, the company's data visualizations, and
    other resources designed to put context around
    the ever-changing Internet landscape.