State of the Internet: Mirai, IOT & History of Botnets
Ashvini Singhal, Head - Security Operations Center, Akamai
©2015 AKAMAI | FASTER FORWARD™ | Akamai Confidential
Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection.
Internet Threat Landscape
DDoS Attack Trends
What Comes to Mind When You Hear the Word?
BotNet
• DDoS
• Malware
• Service Disruption
• Something “Bad”
A group of internet-connected devices controlled by a central system
What does a BotNet Really Mean?
Lee Enfield No.4 Mk2
Firepower - Then
Firepower - NOW
What made it so EASY?
IOT – Internet of Things
Large Attacks – Q3 2016
Large Attacks – Q4 2016
Botnet Attacks
Mirai Botnet
Mirai (Japanese for “The Future”)
What is Mirai?
This tool achieved particular notoriety for its specific targeting of IoT devices, such as IP cameras, WiFi-connected refrigerators, unsecured home routers, etc.
3 Typical Attack Targets:
• Datacenter routing
• DNS
• Application
The problem: if any one of the 3 is taken out, the entire enterprise is taken out.
Unlike many attack bots, Mirai can be aimed specifically at all 3 targets with great accuracy.
Mirai Baseline
Mirai – Attack Vector
Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.
Command and Control
Report server
Infection server
Manually Infected IoT Device
Components of the Mirai Botnet
Life Form
1.1.1.1 admin admin ✓
• The IoT bot scans the internet for other devices and tests default username and password combos.
• Successful results are sent to the Report server.
• The Report server sends results to the Infection server to infect the new bot.
• Bots come online and connect to the C2 for instructions, maintain a heartbeat, and restart processes.
C2
Report
Infection
Basic Anatomy IoT infection
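The scanning step in this anatomy leaves a recognizable trace on the defender's side: one source trying default logins across many devices. The following is an added example, not part of the original slides; the log format, the sample records and the list of default pairs are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real traffic), hypothetical format:
# timestamp source_ip device_ip username password result
SAMPLE_LOG = """\
2016-10-21T10:00:01 203.0.113.7 10.0.0.11 admin admin FAIL
2016-10-21T10:00:02 203.0.113.7 10.0.0.12 root root FAIL
2016-10-21T10:00:03 203.0.113.7 10.0.0.13 admin admin OK
2016-10-21T10:00:09 198.51.100.20 10.0.0.11 alice S3cure-pass FAIL
2016-10-21T10:00:15 192.0.2.50 10.0.0.12 admin admin FAIL
malformed line
"""

# Assumed factory-default pairs; build the real list from your device inventory.
DEFAULT_PAIRS = {("admin", "admin"), ("root", "root"), ("admin", "password")}


def analyze(log_text, min_devices=3):
    """Return (scanners, exposed_devices).

    scanners: sources that tried default pairs on >= min_devices distinct devices.
    exposed_devices: devices where a default pair was accepted.
    """
    tried = defaultdict(set)   # source_ip -> devices probed with a default pair
    exposed = set()            # devices that accepted a default pair
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue           # skip blank or malformed records
        _ts, src, device, user, password, result = fields
        if (user, password) not in DEFAULT_PAIRS:
            continue
        tried[src].add(device)
        if result == "OK":
            exposed.add(device)
    scanners = {s: sorted(d) for s, d in tried.items() if len(d) >= min_devices}
    return scanners, sorted(exposed)


if __name__ == "__main__":
    scanners, exposed = analyze(SAMPLE_LOG)
    for src, devices in scanners.items():
        print(f"scanner {src}: default-credential attempts on {len(devices)} devices")
    for device in exposed:
        print(f"device {device} accepted a default login: change it and check for infection")
```

Any device in the second list is the priority: it still accepts a factory login and matches the "successful result" the bot would report onward.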
Mirai – Scanning
Mirai Attack – DNS Variant
Mirai Attack – Broad Spectrum Attack
What Can You Do?
Phase 1 • Strict access controls on your firewall (Datacenter, Web and DNS)
Phase 2 • Loosen your Phase 1 controls to bring secondary services back online
Phase 3 • Bring all services back online
KNOW YOUR ENVIRONMENT
A Pervasive Platform:
• Every major city
• Every major network
• One network hop away from 95% of users
Accelerating:
• 5 of the top 5 high tech firms
• 3 of the top 3 stock exchanges
• 5 of the top 5 M&E firms
• 5 of the top 5 ecommerce firms
Akamai has 400+ customers in India, including the who’s who of the Indian Enterprise!
Akamai in India
A GLOBAL PLATFORM
• 216,000+ servers
• 1,500+ networks
• 650+ cities
• 120+ countries
DELIVERING 13+ MILLION HOSTNAMES
• All top 60 eCommerce sites
• All top 30 M&E companies
• All branches of the U.S. military
• All top 10 banks
ACCELERATING DAILY TRAFFIC OF
• 40+ million hits per second
• 2+ trillion deliveries per day
• 30+ terabits per second
Akamai Today
Delivering 15-30+% of All Web Traffic
Thank You!