What is Radware all about? - TacticalEdge
RSM Colombia & Ecuador
DDoS Attacks
Javier Arango
January 19, 2018
DDoS attacks
http://www.digitalattackmap.com/v1#anim=1&color=0&country=ALL&list=0&time=16435&view=map
Classification of DDoS attacks
Volumetric and semantic
MOTIVATIONS BEHIND A DDOS
[Bar chart. Categories: Ransom, Insider Threat, Political/Hacktivism, Competition, Cyberwar, Angry users, No attacks experienced, Motive unknown. Bar values as extracted from the slide: 41%, 27%, 26%, 26%, 24%, 20%, 21%, 11%. Y axis: 0% to 100%.]
Case Study - Fighting Cyber-Ransom
Multi-National EMEA Bank
Received valid DDoS threat from Armada Collective
Had 72 hours to pay $16K
Suffered a 360MB teaser DDoS attack
Contacted Radware and got connected to Radware’s Cloud DDoS Protection Service for volumetric attack protection
Received another ransom note, this time from LizardSquad
Radware’s ERT research identified it as a hoax
“With a hybrid DDoS mitigation solution in place, flood attacks had no impact. With automated attack mitigation—including behavioral analysis that delivers continuous visibility and forensics - we will never be left vulnerable to evolving DDoS attacks.”
What does it take to launch a DDoS attack?
Hire a service
Basic knowledge to build your own botnet
Developed by Anna-senpai
Mirai = "future" in Japanese
The source code was released on 30 September 2016 on HackForums.net
First volumetric DDoS attack using IoT
Brute force is used to take over the devices
More than 8 attack vectors available
Telnet is disabled after infection
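The two Mirai slides above describe what a defender can actually observe on a device: a burst of failed Telnet logins walking through many default accounts, followed by Telnet going quiet once the bot closes the port. The following detection routine is an added example, not part of the original deck: it parses constructed syslog lines in the util-linux `login` format ("FAILED LOGIN n FROM host FOR user") and flags any source that produces at least five failures inside a 60-second window, reporting the distinct usernames it tried. The log lines, hostnames and addresses (RFC 5737 documentation ranges) are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: syslog lines in the util-linux `login` format that an
# embedded device forwarding its logs might emit. Addresses are RFC 5737 ranges.
SAMPLE_LOG = """\
Jan 19 10:00:01 cam01 login[412]: FAILED LOGIN 1 FROM 203.0.113.7 FOR root, Authentication failure
Jan 19 10:00:02 cam01 login[412]: FAILED LOGIN 2 FROM 203.0.113.7 FOR admin, Authentication failure
Jan 19 10:00:02 cam01 login[413]: FAILED LOGIN 1 FROM 203.0.113.7 FOR support, Authentication failure
Jan 19 10:00:03 cam01 login[414]: FAILED LOGIN 1 FROM 203.0.113.7 FOR user, Authentication failure
Jan 19 10:00:04 cam01 login[415]: FAILED LOGIN 1 FROM 203.0.113.7 FOR guest, Authentication failure
Jan 19 10:00:05 cam01 login[416]: FAILED LOGIN 1 FROM 203.0.113.7 FOR admin1, Authentication failure
Jan 19 10:05:40 cam01 login[450]: FAILED LOGIN 1 FROM 198.51.100.9 FOR operator, Authentication failure
Jan 19 10:07:12 cam01 login[451]: FAILED LOGIN 1 FROM 198.51.100.9 FOR operator, Authentication failure
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ login\[\d+\]: "
    r"FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>[^,]+),"
)


def parse_failures(text, year=2018):
    """Return (timestamp, source, username) for every failed-login line.
    Syslog omits the year, so the caller supplies it (assumed 2018 here)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"]))
    return events


def detect_bruteforce(events, threshold=5, window_s=60):
    """Sliding window per source address: alert when `threshold` or more failures
    fall inside `window_s` seconds. The alert carries the sorted set of usernames
    tried, because a default-credential dictionary attack cycles through many
    accounts instead of retrying one, which is the tell-tale shape to look for."""
    by_src = defaultdict(list)
    for ts, src, user in events:
        by_src[src].append((ts, user))
    alerts = {}
    for src, attempts in by_src.items():
        attempts.sort()
        lo = 0
        for hi in range(len(attempts)):
            while (attempts[hi][0] - attempts[lo][0]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 >= threshold:
                alerts[src] = sorted({u for _, u in attempts})
                break
    return alerts


if __name__ == "__main__":
    for src, users in detect_bruteforce(parse_failures(SAMPLE_LOG)).items():
        print(f"telnet brute force from {src}: tried {', '.join(users)}")
```

The second source in the sample (two failures seven minutes apart) stays below the threshold, which is the point of windowing rather than counting totals. The slide's other observation is just as useful as a signal: a device whose Telnet login traffic abruptly stops after such a burst, or whose port 23 stops answering, should be treated as possibly compromised rather than as fixed.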
More than 10 million infected devices
… and growing every day
HIRING A DDOS ATTACK ON THE DARKNET
BUYING BITCOINS
How to access the Darknet?
Two Dark-net Types

| | TOR | I2P |
|---|---|---|
| Software | The Onion Router | Invisible Internet Project |
| Type | Anonymity | Friend-to-Friend |
| Uses | Privacy / Hidden Services | File sharing |
Type of Darknet – Friend-to-Friend – I2P
Data encapsulated in layers of encryption
Bundling multiple messages together
Unidirectional tunnels
Type of Darknet – Anonymity - Tor
Data encapsulated in layers of encryption
Each layer reveals the next relay
Final layer sends data to destination
Bi-Directional
[Diagram labels: Source, Message, Router A, Router B, Router C, Destination]
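The slide describes onion routing in four lines: the message is wrapped in one encryption layer per relay, each relay peels exactly one layer and learns only the next hop, and the last relay forwards the plaintext to the destination. The simulation below is an added example (not from the deck and not Tor's actual protocol): it builds a three-relay onion with the Router A, B and C names from the diagram and records what each relay sees. The layer cipher is an HMAC-SHA256 counter-mode keystream chosen so the example runs with the standard library only; real circuits use AES-CTR inside TLS-protected links. The relay keys and the message are constructed for the example.

```python
import hashlib
import hmac
import json
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Illustrative stream cipher: HMAC-SHA256 in counter mode, XORed over data.
    Stand-in for the per-hop AES-CTR a real onion circuit uses. XOR is its own
    inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def wrap_layer(key: bytes, next_hop: str, payload: bytes) -> bytes:
    """One onion layer: fresh 16-byte nonce, then encrypt({next_hop, payload})."""
    nonce = os.urandom(16)
    inner = json.dumps({"next": next_hop, "payload": payload.hex()}).encode()
    return nonce + keystream_xor(key, nonce, inner)


def build_onion(route, destination: str, message: bytes) -> bytes:
    """route: list of (relay_name, key) from the first relay to the last.
    Wrap from the inside out: the innermost layer (for the last relay) names the
    destination; every outer layer names the next relay in the path."""
    layer = wrap_layer(route[-1][1], destination, message)
    for i in range(len(route) - 2, -1, -1):
        next_relay_name = route[i + 1][0]
        layer = wrap_layer(route[i][1], next_relay_name, layer)
    return layer


def peel_layer(key: bytes, onion: bytes):
    """A relay strips one layer and learns only the next hop plus an opaque blob."""
    nonce, body = onion[:16], onion[16:]
    inner = json.loads(keystream_xor(key, nonce, body))
    return inner["next"], bytes.fromhex(inner["payload"])


def route_through(route, destination: str, message: bytes):
    """Simulate the circuit. Returns (trace, delivered) where trace lists
    (relay, next_hop_it_learned) and delivered is what reaches the destination."""
    onion = build_onion(route, destination, message)
    trace = []
    for name, key in route:
        next_hop, onion = peel_layer(key, onion)
        trace.append((name, next_hop))
    return trace, onion


# Constructed circuit: one key per relay, as negotiated during circuit setup.
ROUTE = [("Router A", b"A" * 32), ("Router B", b"B" * 32), ("Router C", b"C" * 32)]

if __name__ == "__main__":
    trace, delivered = route_through(ROUTE, "Destination", b"hello from Source")
    for relay, next_hop in trace:
        print(f"{relay} learned only: forward to {next_hop}")
    print("delivered:", delivered)
```

Router A sees the Source address and the name of Router B but never the destination or the message; Router C sees the destination and the plaintext but not the Source. That split is the whole anonymity argument, and it also explains why the deck calls Tor bi-directional: a reply travels the same circuit in reverse, each relay adding back the layer it removed.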
CREATE AN ACCOUNT ON A DARKNET PORTAL
"This page will not be displayed on every visit, but only during possible DDoS periods"
TRANSFER THE BITCOINS TO YOUR DARKNET ACCOUNT
HIRE THE SERVICE
SITE DOWN!!
RENTING A BOTNET
Mirai attack vectors
HERE IS THE GOOD NEWS
ALPHABAY WAS TAKEN DOWN
HERE IS THE BAD NEWS
► Agora: http://agorahooawayyfoe.onion/register/JdJrS8rRkE
► Abraxas: http://abraxasdegupusel.onion/register/SizwgcNn6K
► Dream Market: http://lchudifyeqm4ldjj.onion/?ai=28671
► AlphaBay: http://pwoah7foa6au2pul.onion/affiliate.php?aff=3173
► Mr. Nice Guy: http://niceguyfa3xkuuoq.onion/session/register/D66083
AND THERE ARE MANY OTHERS ON THE SURFACE WEB...
Botnet with Zyklon
• Sold as a service on the Darknet
• Infects other machines through phishing.
• Prices range from USD 75 to USD 125.
• Supported vectors include HTTP, UDP, TCP, SYN and Slowloris floods.
BOTNET RENTAL
Parrot OS Attack Tool
• Similar to Kali Linux:
  • DNS
  • NTP
  • SNMP
  • SSDP
=> All of these are reflection attacks
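The slide's closing remark is the useful one for a defender: DNS, NTP, SNMP and SSDP are reflection vectors, so the victim receives large UDP responses from service ports it never queried, with a spoofed request upstream that it never sees. The routine below is an added example, not from the deck: it runs over constructed flow records (the kind a NetFlow/IPFIX collector exports) and flags a remote host as a reflector when traffic arriving from one of those service ports is both high-volume and wildly out of proportion to anything the protected network actually asked it. The protected prefix, flow tuples and addresses (RFC 5737 ranges) are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# UDP services commonly abused for reflection, keyed by their well-known port,
# i.e. the source port the victim sees on the incoming responses.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP"}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes, packets).
# 203.0.113.0/24 plays the protected network.
SAMPLE_FLOWS = [
    # Legitimate DNS: our resolver asks, the server answers a little more than it was asked.
    ("203.0.113.10", 40123, "198.51.100.1", 53, 120, 4),
    ("198.51.100.1", 53, "203.0.113.10", 40123, 480, 4),
    # Reflection: heavy response traffic from service ports we (almost) never queried.
    ("192.0.2.123", 123, "203.0.113.10", 80, 4_400_000, 10_000),
    ("192.0.2.53", 53, "203.0.113.10", 80, 3_200_000, 2_500),
    ("203.0.113.10", 51000, "192.0.2.53", 53, 64, 1),
    ("192.0.2.77", 1900, "203.0.113.10", 80, 900_000, 3_000),
]


def detect_reflection(flows, protected_net, min_pkts=100, min_ratio=10.0):
    """Pair inbound bytes from each (peer, service_port) with the bytes the
    protected network sent to that same (peer, service_port). A legitimate
    exchange has a small response/request ratio; a reflector shows a huge one,
    because the requests were spoofed by a third party and never left our network."""
    net = ipaddress.ip_network(protected_net)
    inbound = defaultdict(lambda: [0, 0])   # (peer, port) -> [bytes, packets]
    requested = defaultdict(int)            # (peer, port) -> bytes we sent as requests
    for src, sport, dst, dport, nbytes, pkts in flows:
        if sport in REFLECTOR_PORTS and ipaddress.ip_address(dst) in net:
            inbound[(src, sport)][0] += nbytes
            inbound[(src, sport)][1] += pkts
        elif dport in REFLECTOR_PORTS and ipaddress.ip_address(src) in net:
            requested[(dst, dport)] += nbytes

    alerts = []
    for (peer, port), (nbytes, pkts) in inbound.items():
        ratio = nbytes / max(requested.get((peer, port), 0), 1)
        if pkts >= min_pkts and ratio >= min_ratio:
            alerts.append({
                "reflector": peer,
                "service": REFLECTOR_PORTS[port],
                "bytes": nbytes,
                "amplification": round(ratio, 1),
            })
    return sorted(alerts, key=lambda a: a["bytes"], reverse=True)


if __name__ == "__main__":
    for a in detect_reflection(SAMPLE_FLOWS, "203.0.113.0/24"):
        print(f"{a['service']:4} reflector {a['reflector']:>14}: "
              f"{a['bytes']:>9} bytes, x{a['amplification']} over what we requested")
```

The legitimate resolver exchange (480 bytes back for 120 sent, four packets) is ignored, while the three reflectors are ranked by volume. In practice the same logic feeds an upstream filter: since the protected network has no business receiving unsolicited traffic from port 123 or 1900, dropping those source ports at the edge during an attack is cheap and safe, which is why the deck's "hybrid" mitigation pairs on-premise filtering with cloud scrubbing for the volume that saturates the link.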
Shenron Attack Tool
• Public services of Lizard Squad
• $19.99 => 15 Gb of attacks for 1200 seconds.
  – DNS
  – SNMP
  – SYN
VDoS Attack Tool
• One of the most popular
• For 19.99 you can launch a 216 Gbps attack
• DNS, NTP, ESSYN, xSYN, TS3, TCP-ACK, Dominate, VSE, SNMP, PPS, Portmap and TCP-Amp
• One of the tools used in the ProtonMail campaign.
Amazon as a platform for DDoS attacks
1. Register and activate an Amazon EC2 account
It comes with free-tier services. Once the account is set up, configure two (2) servers: a WordPress backend and a PhantomJS headless browser.
2. Set up a headless-browser server (Ubuntu Linux or PhantomJS) on Amazon
https://hub.docker.com/r/rosenhouse/phantomjs2/
3. Write an automated script for dynamically rotating the headless-browser IP address
In 15 minutes of script execution, 300 unique IPs were assigned.
Result: an HTTP flood from dynamic IPs, run from a single origin, that simulates a real browser.
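The result described above is exactly the case that defeats per-IP rate limiting: each address sends one or two requests and then disappears, yet the traffic is a real browser engine hitting the same resource. What the rotating addresses cannot hide is what they share, so the detection below clusters requests by User-Agent and path and alerts when a cluster spans many distinct IPs with very few requests per IP at a sustained rate. This is an added example, not from the deck; it builds a constructed Apache/nginx combined-format access log inline (forty requests from forty RFC 5737 addresses with a PhantomJS User-Agent, plus three ordinary requests from one visitor) and runs the clustering over it. The thresholds and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def build_constructed_log() -> str:
    """Constructed sample access log: one headless-browser request per second,
    each from a different address, plus a handful of ordinary human requests."""
    bot_ua = ("Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 "
              "(KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1")
    human_ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/57.0"
    base = datetime(2018, 1, 19, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(40):
        ts = (base + timedelta(seconds=i)).strftime(TS_FMT)
        lines.append(f'203.0.113.{i + 1} - - [{ts}] "GET /search?q=ddos HTTP/1.1" '
                     f'200 5120 "-" "{bot_ua}"')
    for i, path in enumerate(["/", "/about", "/contact"]):
        ts = (base + timedelta(seconds=5 + 15 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.5 - - [{ts}] "GET {path} HTTP/1.1" '
                     f'200 2048 "-" "{human_ua}"')
    return "\n".join(lines)


SAMPLE_ACCESS_LOG = build_constructed_log()


def detect_rotating_flood(text, min_ips=20, max_reqs_per_ip=2.0, min_rate=0.5):
    """Cluster requests by (User-Agent, path). A cluster is a rotating-IP flood when
    it is spread over at least `min_ips` addresses, each address contributes at most
    `max_reqs_per_ip` requests on average, and the aggregate rate is sustained."""
    clusters = defaultdict(lambda: {"ips": set(), "times": [], "n": 0})
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        c = clusters[(m["ua"], m["path"])]
        c["ips"].add(m["ip"])
        c["n"] += 1
        c["times"].append(datetime.strptime(m["ts"], TS_FMT))

    alerts = []
    for (ua, path), c in clusters.items():
        span = max(1.0, (max(c["times"]) - min(c["times"])).total_seconds())
        rate = c["n"] / span
        per_ip = c["n"] / len(c["ips"])
        if len(c["ips"]) >= min_ips and per_ip <= max_reqs_per_ip and rate >= min_rate:
            alerts.append({"path": path, "user_agent": ua, "distinct_ips": len(c["ips"]),
                           "requests": c["n"], "req_per_s": round(rate, 2)})
    return alerts


if __name__ == "__main__":
    for a in detect_rotating_flood(SAMPLE_ACCESS_LOG):
        print(f"rotating-IP flood on {a['path']}: {a['requests']} requests from "
              f"{a['distinct_ips']} addresses at {a['req_per_s']} req/s\n  UA: {a['user_agent']}")
```

The human visitor never clusters (three paths, one address each), while the flood surfaces as a single cluster of forty addresses with one request apiece. The User-Agent here happens to say PhantomJS, but the logic deliberately does not key on that string: a cluster key built from whatever the requests have in common (UA, path, TLS fingerprint, request ordering) keeps working when the tool spoofs a mainstream browser. The symptoms listed on the next slide (slow systems, saturated link, overloaded servers) are what this looks like from the inside when the clustering is not in place.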
DDoS symptoms
Unexplained slowness in the systems.
Saturation of the Internet link.
Intermittent services.
Overloaded servers or network equipment.
How to protect yourself?
DO YOU REALLY THINK IT IS THAT EASY?