©2016 AKAMAI | FASTER FORWARD™ | Akamai Confidential
DDoS attacks: Introduction to & Fallacies in Mitigation
Stefan Mardak, Enterprise Security Architect
Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection.
Running over the platform is our Intelligent software that enables high-performing and secure web experiences, to any device, anywhere.
Akamai Solutions
• WEB PERFORMANCE: Web users
• MEDIA DELIVERY: Web users
• CLOUD SECURITY: Cloud and data center infrastructure
• CLOUD NETWORKING: Branch users
Akamai Trusted Security Advisor

The Platform
• 220,000+ Servers
• 1300+ Networks
• 110+ Countries
• 30% of all web traffic

The Security Data
• 2 trillion web hits per day
• Tens of millions of unique IP addresses seen daily
• 600k security daily log lines/sec
• 2 PB of security data

Managed Security Services

DNS
• Availability
• Performance
• Security
• Enterprise Threat Manager

Web application Firewall

• 5 SOCs
• 7 Scrubbing Centers
• 200 Security Engineers
• R&D Team
• CERT Team

Client Reputation Feed

DDOS PROTECTION
• DDoS defense on Layer 7 combined with Web acceleration
• DDoS defense on all layers

API protection

Bot Management
DDoS Attack: How does it work?
During a Distributed Denial of Service (DDoS) attack, [compromised] hosts or bots coming from distributed sources overwhelm the target with [il]legitimate traffic so that the servers cannot respond to legitimate clients.
⇒ Critical services are no longer available!
DDoS Attack-Types & Targets
[Diagram: attack traffic and good traffic flow from ISP 1, ISP 2 … ISP n over the backbone into the data center (firewall, IPS, load balancer, target applications & services)]
Volumetric, state-exhaustion and application-layer attacks can bring down critical data center services
SATURATION, e.g.: Volumetric / Flooding Attack
Exhaustion of STATE, e.g.: Layer 4-7 / State / Connection Attack
• SATURATION: Layer 3 / Volumetric / Flooding Attack
• Exhaustion of STATE: Layer 4 / State / Connection Attack
• Exhaustion of SERVICE: Layer 7 / Application-Layer / Slow & Low Attack
DDOS Attackers: Who are they?
Actors: For Hire
Current(ish) prices on the Russian underground market:
Hacking corporate mailbox: $500
Winlocker ransomware: $10-20
Intelligent exploit bundle: $10-$3,000
Hiring a DDoS attack: $30-$70/day, $1,200/month
Botnet: $200 for 2,000 bots
DDoS botnet: $700
Actors: Bored Kids
AND BORED TEENS
THE HACKTIVISTS
Actors: Nation States
THERE ARE STANDARD VILLAINS
AND THERE ARE ARCH VILLAINS
Commoditization of DDoS
What’s your fancy?
What’s a Booter?
WORKSHOP: BIGGEST FALLACIES IN DDOS DEFENSE
About erroneous beliefs and how to avoid pitfalls
Stefan Mardak, Enterprise Security Architect
Fallacy or logical fallacy
A fallacy occurs when the reasoning used in an argument or debate contains a factual, punctual or logical error.
A fallacious argument appears correct at first sight but proves to be wrong on examination.
“WE WILL NOT BE ATTACKED”
More wrong assumptions in this context
What happens if someone unplugs your internet router? It’s the same effect!
“Our website is not big enough and not popular”
“Only big companies are at risk of being attacked”
“We have never been attacked - why should we invest?”
“We are not an interesting target, our risk is manageable”
“Our hoster/service provider is taking care of it, we do not have a risk anymore!”
Actual DDoS Campaigns
• DD4BC (DDoS for Bitcoin)
• Armada Collective
• Anonymous
• Complex goal oriented attacks
• Krebsonline - Dyn

New Business Model: DDoS Coins
[Figure: each dot represents a DDoS attack, and each interval covers a 10-fold increase in attack size.]
MOTIVATION ↔ EXPOSURE
Who is attacking? Who is attacked?
• Hacktivists
• Ex-employees
• Script kiddies
• Competitors
• Extortionists
• State sponsored
“There is a hater for everyone”
“CLASSIC SECURITY SOLUTIONS ARE OFFERING ENOUGH PROTECTION”
SEE, STILL CLASSIC SECURITY
OH NO – 4TH GEN ATTACKS
The importance of SCALE
[Chart, 2005–2016, one value per year. Gbps: 11, 18, 22, 39, 48, 68, 79, 82, 190, 321, 312, 665. Mpps: 2, 8, 11, 15, 29, 38, 45, 69, 144, 97, 222, 348. Source: Akamai]
Mitigating DDoS Attacks with high bandwidth
• Decentralized scrubbing centers
• Traffic engineering - multiple tier-1 providers
• More bandwidth > 3 Tbps
• Minimal latency inside the scrubbing center
Firewalls, IPS, WAF, Load balancer, …
…are developed for protection of data integrity, for protection of access control and for confidentiality.
Data inspection needs resources. Tailored attacks target these resources. Now the devices are part of the problem, not the solution.
[Chart: targeted devices in a multi-vector attack (numbers vary per attack); values shown: 27%, 24%, 8%, 4%, 30%, 5%]
“PROTECTION ON ONE LEVEL IS SUFFICIENT”
“WE JUST ADD MORE BANDWIDTH”
THEIR PROTECTION IS ONLY ONE LEVEL
Misapprehension on attack complexity
“To mitigate a DDoS attack I don’t need an expert.”
“DDoS attacks are simple and not sophisticated.”
“These pure packet floods are easy to spot and to block”
The reality: DDoS attacks can attack bandwidth, network elements or servers … or all of them = multi-vector attacks
CDN & Outsourcing – a good start, but…
Today's networks are complex and spread out - corporate values and services are distributed across the Internet

Content Delivery Network
• Concentrates on few services, mostly only HTTP and HTTPS
• Concentrates on publicly available services
• Buffers only static content and needs connections to the origin (i.e. database access)
• Might hinder identification of the attacker and countermeasures
• Attack targets are often within the company DC (VPN gateways, e-mail, FTP)
• Attackers use changing or multiple attack vectors

⇒ Simple CDNs deliver basic protection for static content
⇒ No protection for applications, for the origin server, for shared resources in the DC
Multi-Vector DDoS Attacks

Attack vector vs. attacked resource
- UDP floods -> Bandwidth
- SYN, ACK, TCP anomaly -> IPS, Load Balancer, Server
- HTTP GET flood -> WAF, Server
- RIP -> Router, Firewall
- ICMP -> Router, Firewall

Multi-Vector DDoS Attacks Are the Norm
Multi-vector attacks accounted for 59% of DDoS activity in Q1 2016, up from 56% in Q4 2015
What to do? Multilevel Attack Protection
• Multiple attack vectors on infrastructure level and application level
• Growing complexity in attack vectors (all levels)
• Variable defense strategy needed
• Integration between all levels for reliable and comprehensive protection
• Communication between all levels is essential, as is keeping countermeasures up to date
[Diagram: App level protection, Infrastructure level protection, DNS level protection]
“THE COST OF A DDOS ATTACK CAN NOT JUSTIFY THE COST FOR A SECURITY SOLUTION”
THAT IS BECAUSE HE STILL DOESN’T KNOW WHAT HE IS MISSING!
I MUST SAY THE CASTLE OWNER DOESN’T LOOK TOO UPSET!
Hidden cost of a DDoS attack

Operational expenses and indirect costs
- Revenue loss
- SLA compensation
- Stock price fluctuation
- Marketing to compensate reputation damage
- Churn
- Call center costs
- Excessive emergency costs
- Fees for consultants and lawyers
- Increased insurance premium

DDoS attacks should be part of the risk management, as the risk can be predicted by statistics
Recommendation
IT components should be used according to their intended purpose. Firewalls, IDP/IPS, load balancers or application firewalls offer no DDoS protection.
Securing the availability of networks is a basic requirement and should not be underestimated.
Other connections like VPNs or partner accesses should be considered.
Multi-level protection should be introduced. It mitigates attacks where that is most effective.
Volumetric attacks cannot be mitigated locally.
During a DDoS attack IT security staff should be free to take care of everything else, while the attack is mitigated automatically with prepared strategies.
Think about pushing out the mitigation perimeter.
“DDOS ATTACKS ARE NOT COMPLEX THREATS”
Attack complexity
Technically DDoS attacks might not be complex, but mitigating them is!

4th gen DDoS attacks: IohT / Internet of hacked things
1st gen: infected PCs, 2nd gen: servers (i.e. WordPress), 3rd gen: reflection & amplification

DDoS used as smoke screen
• Flooding security systems to lower security
• Flooding log and SIEM systems to hide the hack

Threats that arise during a DDoS attack include
- Data theft
- Malware and spam delivery through compromised servers
- Including compromised servers in attack networks
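
One way to keep a log flood from hiding the events that matter, as an added example that is not part of the original slides: cap what is stored per event type in each time window and surface the types that stay rare while the window is flooded. The event type names, addresses and thresholds are constructed assumptions for illustration.

```python
from collections import Counter, defaultdict


def build_sample():
    """Constructed sample: 5000 firewall-drop records (100 per second for 50 s)
    with three unrelated low-volume events buried inside them.
    All event type names and addresses are hypothetical."""
    events = [
        {"ts": i // 100, "type": "fw_drop", "src": f"198.51.100.{i % 250}"}
        for i in range(5000)
    ]
    events.insert(1200, {"ts": 12, "type": "admin_login_new_ip", "src": "203.0.113.7"})
    events.insert(3100, {"ts": 31, "type": "db_bulk_export", "src": "10.0.0.15"})
    events.insert(4400, {"ts": 44, "type": "av_agent_stopped", "src": "10.0.0.15"})
    return events


def triage(events, window=10, flood_threshold=500, per_type_budget=5, rare_max=3):
    """Group events into fixed windows (seconds). Per window:
    - keep at most `per_type_budget` events of each type, count the rest;
    - if the window holds at least `flood_threshold` events, report every
      event type seen at most `rare_max` times (assumed thresholds)."""
    windows = defaultdict(list)
    for ev in events:
        windows[ev["ts"] // window].append(ev)

    report = []
    for w in sorted(windows):
        batch = windows[w]
        counts = Counter(ev["type"] for ev in batch)
        flooded = len(batch) >= flood_threshold

        kept, seen = [], Counter()
        for ev in batch:
            seen[ev["type"]] += 1
            if seen[ev["type"]] <= per_type_budget:
                kept.append(ev)  # a flood can no longer crowd out other types

        rare = sorted(t for t, n in counts.items() if flooded and n <= rare_max)
        report.append({
            "window": w,
            "total": len(batch),
            "flooded": flooded,
            "kept": kept,
            "suppressed": len(batch) - len(kept),
            "rare_during_flood": rare,
        })
    return report


if __name__ == "__main__":
    for row in triage(build_sample()):
        print(row["window"], row["total"], row["suppressed"], row["rare_during_flood"])
```
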
Fallacies have their impact...
…on decisions in several departments of the company
• Risk assessment
• Investments
• Planning
• IT security
• All internet communication

These areas have their own models
• Calculation
• Best Common Practice
• CIS Critical Security Controls for Effective Cyber Defense (www.sans.org)