Title: Slideshow: Q3 2014 SSDP UPnP Devices DDoS Attacks from StateoftheInternet.com
1. Q3 2014 State of the Internet Security Report
2. Botnets of New Types of Devices
- As system hardening tactics and protection for PCs and servers have strengthened, attackers have shifted their attention to a new class of devices for building DDoS botnets
  - Commercial routers
  - Customer-premise equipment (CPEs)
  - Mobile handheld devices
  - Video conference devices
  - Internet of Things (IoT) devices
- A DDoS botnet can leverage thousands of low-bandwidth devices for a large attack
3. Unmanaged and Unmonitored Devices
- Several factors make Internet-enabled embedded devices vulnerable to abuse
  - Insecure configurations
  - Outdated firmware
  - Lack of management and user interface to correct and update security issues
  - Lack of detection mechanisms
  - Unrestricted uploads
- With more than 160 million wireless access points worldwide, these vulnerabilities represent a significant risk
4. SSDP Reflection Attacks
- A recently discovered botnet development tool crafted to probe and find devices using the Simple Service Discovery Protocol (SSDP) reveals a powerful new attack vector
- SSDP permits networked devices to find each other and establish a network connection
- Scans have discovered more than 17 million SSDP-enabled devices
- Malicious actors target these devices for reflection and amplification attacks
5. Devices Using SSDP
- SSDP is the basis of the discovery protocol of Universal Plug and Play (UPnP)
- SSDP is enabled on millions of Internet-connected devices
  - Routers
  - Network cameras
  - Smart TVs
  - Desktop computers
  - Laptops
- Akamai research reveals that 38 percent of such devices in use may be susceptible to abuse
6. Highlighted Campaign
- This new class of devices supports larger, more complex attacks
  - High bandwidth consumption: 215 Gbps
  - Processing power consumption: 150 Mpps
  - Geographical distribution: U.S., Europe, and Asia
- Almost 10 percent of IP addresses involved customer premises equipment devices (CPEs) with payloads that matched the Spike DDoS Toolkit
7. Geographical Dispersion of Source IPs
This figure shows the distribution of source IPs
from a Q3 2014 attack. The new class of devices
allows wider geographic distribution of attack
sources, which creates greater complexity when
mitigating DDoS campaigns.
8. DDoS Mitigation and Community Action
- Mitigation is needed at both the device level and the administrator level
  - Security must be a fundamental part in the development of device firmware and applications
  - Mechanisms must be available to update and patch systems that will eventually fall vulnerable over their lifecycle
- Industrywide collaboration is necessary to address this growing threat
  - Hardware vendors and software developers are needed to address the cleanup, mitigation and management of current and potential vulnerabilities during the lifecycle of these devices
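One administrator-level check, as an added example that is not from the Akamai slides: the Python code below scans flow records for internal hosts that answer SSDP queries (UDP port 1900) arriving from outside the site, which is the condition that lets a device be abused as a reflector. The site prefix, record layout, threshold and sample flows are constructed assumptions.

```python
"""Flag internal hosts that answer SSDP (UDP/1900) queries from outside the site."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

SSDP_PORT = 1900                          # UDP port used by SSDP
INTERNAL = [ip_network("192.0.2.0/24")]   # assumption: the monitored site's prefix

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40001, "192.0.2.10", 1900, "udp", 130),   # query reaches a device
    ("192.0.2.10", 1900, "198.51.100.7", 40001, "udp", 3900),  # larger reply leaves
    ("198.51.100.7", 40002, "192.0.2.10", 1900, "udp", 130),
    ("192.0.2.10", 1900, "198.51.100.7", 40002, "udp", 4100),
    ("198.51.100.7", 40003, "192.0.2.20", 1900, "udp", 130),   # queried, never replies
    ("192.0.2.30", 51000, "203.0.113.5", 53, "udp", 80),       # unrelated DNS
    ("192.0.2.40", 1900, "192.0.2.41", 52000, "udp", 900),     # LAN-only discovery
]

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)

def find_exposed_reflectors(flows, min_ratio=2.0):
    """Return {internal_ip: stats} for hosts replying from UDP/1900 to external peers."""
    stats = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0, "peers": set()})
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == SSDP_PORT and is_internal(dst) and not is_internal(src):
            stats[dst]["bytes_in"] += nbytes       # external query arriving
        elif sport == SSDP_PORT and is_internal(src) and not is_internal(dst):
            stats[src]["bytes_out"] += nbytes      # reply leaving the site
            stats[src]["peers"].add(dst)           # with spoofing, this is the victim
    exposed = {}
    for host, s in stats.items():
        if s["bytes_out"] == 0:
            continue  # queried but silent: filtered at the edge or SSDP disabled
        ratio = s["bytes_out"] / s["bytes_in"] if s["bytes_in"] else float("inf")
        if ratio >= min_ratio:
            exposed[host] = {"ratio": round(ratio, 1), "bytes_out": s["bytes_out"],
                             "peers": sorted(s["peers"])}
    return exposed

if __name__ == "__main__":
    for host, info in find_exposed_reflectors(SAMPLE_FLOWS).items():
        print(host, info)
```

Hosts reported here are candidates for blocking UDP/1900 at the network edge or disabling UPnP on the device.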
9. Q3 2014 State of the Internet Security Report
- Download the Q3 2014 State of the Internet Security Report, which includes
  - Analysis of DDoS attack trends
  - Bandwidth (Gbps) and volume (Mpps) statistics
  - Year-over-year and quarter-by-quarter analysis
  - Application layer attacks and infrastructure attacks
  - Attack frequency, size and sources
  - Where and when DDoSers strike
  - How and why attackers are building DDoS botnets from devices other than PCs and servers
  - Details of a record-breaking 321 Gbps DDoS attack
  - Syrian Electronic Army (SEA) phishing attacks
- More at www.stateoftheinternet.com/security-reports
10. About stateoftheinternet.com
- StateoftheInternet.com, brought to you by Akamai, serves as the home for content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats.
- Visitors to www.stateoftheinternet.com can find current and archived versions of Akamai's State of the Internet (Connectivity and Security) reports, the company's data visualizations, and other resources designed to put context around the ever-changing Internet landscape.