Slideshow: Q3 2014 SSDP UPnP Devices DDoS Attacks from StateoftheInternet.com
Q3 2014 State of the Internet:
Security Report Case Study
©2014 AKAMAI | FASTER FORWARD™
Botnets of New Types of Devices
• As system hardening tactics and protection for PCs and
servers have strengthened, attackers have shifted their
attention to a new class of devices for building DDoS botnets:
• Commercial routers
• Customer-premise equipment (CPEs)
• Mobile handheld devices
• Video conference devices
• Internet of Things (IoT) devices
• A DDoS botnet can leverage thousands of low-bandwidth
devices for a large attack
Unmanaged and Unmonitored Devices
• Several factors make Internet-enabled embedded devices
vulnerable to abuse:
• Insecure configurations
• Outdated firmware
• Lack of management and user interface to correct and update security
issues
• Lack of detection mechanisms
• Unrestricted uploads
• With more than 160 million wireless access points worldwide,
these vulnerabilities represent a significant risk
SSDP Reflection Attacks
• A recently discovered botnet development tool crafted to probe
and find devices using the Simple Service Discovery Protocol
(SSDP) reveals a powerful new attack vector:
• SSDP permits networked devices to find each other and establish a network
connection
• Scans have discovered more than 17 million SSDP-enabled devices
• Malicious actors target these devices for reflection and amplification attacks
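Added example, not part of the Akamai slides: a defender-side check for the reflection pattern described above, flagging hosts that receive SSDP responses (UDP source port 1900) they did not solicit from several distinct devices. The flow-tuple layout, the 5-second request window, the reflector threshold and the sample flows (documentation address ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

SSDP_PORT = 1900                # UDP port used by SSDP
SSDP_MCAST = "239.255.255.250"  # IPv4 multicast group used for M-SEARCH discovery
WINDOW = 5.0                    # seconds a discovery request stays open (assumption)

def unsolicited_ssdp(flows, min_reflectors=3):
    """Return {victim_ip: {"reflectors": n, "bytes": b}} for hosts receiving SSDP
    responses they never requested from at least min_reflectors distinct sources.
    Each flow is (ts, src_ip, src_port, dst_ip, dst_port, size) -- assumed layout."""
    last_request = {}  # (client, target) -> time of the client's last request
    hits = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for ts, src, sport, dst, dport, size in sorted(flows):
        if dport == SSDP_PORT:      # discovery request sent by src
            last_request[(src, dst)] = ts
            continue
        if sport != SSDP_PORT:      # not an SSDP response
            continue
        # Solicited if dst recently queried this device or the multicast group.
        asked = max(last_request.get((dst, src), float("-inf")),
                    last_request.get((dst, SSDP_MCAST), float("-inf")))
        if ts - asked > WINDOW:
            hits[dst]["sources"].add(src)
            hits[dst]["bytes"] += size
    return {ip: {"reflectors": len(h["sources"]), "bytes": h["bytes"]}
            for ip, h in hits.items() if len(h["sources"]) >= min_reflectors}

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    (0.0, "192.0.2.10", 50000, "239.255.255.250", 1900, 130),  # normal discovery
    (0.2, "192.0.2.1", 1900, "192.0.2.10", 50000, 320),        # solicited reply
    (10.0, "198.51.100.5", 1900, "203.0.113.7", 80, 310),      # unsolicited
    (10.0, "198.51.100.6", 1900, "203.0.113.7", 80, 305),      # unsolicited
    (10.1, "198.51.100.7", 1900, "203.0.113.7", 80, 298),      # unsolicited
    (10.1, "198.51.100.5", 1900, "203.0.113.7", 80, 310),      # unsolicited
]

if __name__ == "__main__":
    for victim, stats in unsolicited_ssdp(SAMPLE_FLOWS).items():
        print(victim, stats)
```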
Devices Using SSDP
• SSDP is the basis of the discovery protocol of Universal Plug
and Play (UPnP)
• SSDP is enabled on millions of Internet-connected devices:
• Routers
• Network cameras
• Smart TVs
• Desktop computers
• Laptops
• Akamai research reveals that 38 percent of such devices in
use may be susceptible to abuse
Highlighted Campaign
• This new class of devices supports larger, more complex
attacks
• High bandwidth consumption: 215 Gbps
• Processing power consumption: 150 Mpps
• Geographical distribution: U.S., Europe, and Asia
• Almost 10 percent of IP addresses involved customer
premises equipment devices (CPEs) with payloads that
matched the Spike DDoS Toolkit
Geographical Dispersion of Source IPs
This figure shows the distribution of source IPs from a Q3 2014 attack. The new
class of devices allows wider geographic distribution of attack sources, which
creates greater complexity when mitigating DDoS campaigns.
DDoS Mitigation and Community Action
• Mitigation is needed at both the device level and the
administrator level
• Security must be a fundamental part in the development of
device firmware and applications
• Mechanisms must be available to update and patch systems
that will eventually fall vulnerable over their lifecycle
• Industrywide collaboration is necessary to address this
growing threat
• Hardware vendors and software developers are needed to
address the cleanup, mitigation and management of current
and potential vulnerabilities during the lifecycle of these
devices
Q3 2014 State of the Internet – Security Report
Download the Q3 2014 State of the Internet – Security
Report, which includes:
• Analysis of DDoS attack trends
• Bandwidth (Gbps) and volume (Mpps) statistics
• Year-over-year and quarter-by-quarter analysis
• Application layer attacks and infrastructure attacks
• Attack frequency, size and sources
• Where and when DDoSers strike
• How and why attackers are building DDoS botnets from devices other than
PCs and servers
• Details of a record-breaking 321 Gbps DDoS attack
• Syrian Electronic Army (SEA) phishing attacks
• More at www.stateoftheinternet.com/security-reports
About stateoftheinternet.com
• StateoftheInternet.com, brought to you by Akamai, serves
as the home for content and information intended to
provide an informed view into online connectivity and
cybersecurity trends as well as related metrics, including
Internet connection speeds, broadband adoption, mobile
usage, outages, and cyber-attacks and threats.
• Visitors to www.stateoftheinternet.com can find current
and archived versions of Akamai’s State of the Internet
(Connectivity and Security) reports, the company’s data
visualizations, and other resources designed to put
context around the ever-changing Internet landscape.