DOCSLIB.ORG

How Can We Improve Security Against Ddos Attacks?

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
How Can We Improve Security Against Ddos Attacks? How can we improve security against DDoS attacks? A case study: The DyN Attack in 2016 ∗ Josué Magaña César Iván Olvera Pernille Lous, Moreno, Espinosa, 755737 754822 754806 Aalto University Espoo, Finland Aalto University Aalto University Espoo, Finland Espoo, Finland [email protected] [email protected] [email protected] ABSTRACT of cyberattacks. The DDoS cyberattack targeted to Dyn in 2016 has been one of the biggest distributed denial of service In this paper we aim to investigate the DyN attack attacks ever launched which affected the availability of and use the case study in order to research possible the most important internet services including social strategies and improvement to prevent these type of networks, streaming, online banks, online stores, etc. attacks; additionally the suggestions to cope with In- making almost impossible to share and analyse what dustrial Internet of Things and Internet of Things, IIoT was happening at the moment. and IoT. It was launched by taking advantage of the vulnera- KEYWORDS ble and insecure Internet of Things (IOT) devices. This Cybersecurity, DDoS attack, Internet of things, DyN attack also used a strategy of sending different kind attack, Industrial Internet of Things of attacks at the same time by using between 50 thou- ACM Reference Format: sand and 100 thousand of source devices. Nowadays, Josué Magaña Moreno, 754822, César Iván Olvera Espinosa, there are many types of mechanisms against this kind 754806, and Pernille Lous, 755737 . 2019. How can we improve of attacks. However, these are difficult to implement security against DDoS attacks? A case study: The DyN Attack and that is why we need to offer a protection plan that in 2016: . In Proceedings of 2019. ACM, New York, NY, USA, considers security measures before and after this kind Article 4, 12 pages. https://doi.org/10.475/123_4 ∗The full version of the author’s guide is available as acmart.pdf 1 INTRODUCTION document Today, cybersecurity is one of the most discussed topic Permission to make digital or hard copies of part or all of this around the world. Even we hear about cyber attacks, work for personal or classroom use is granted without fee provided importance of good passwords and leaks of informa- that copies are not made or distributed for profit or commercial tion; yet many people ignore the serious harm that lack advantage and that copies bear this notice and the full citation on of security can cause to them [13]. Attack against indus- the first page. Copyrights for third-party components of this work trial control systems together with Industrial Internet of must be honored. For all other uses, contact the owner/author(s). 2019, Case study: , Things (IIoT) and Internet of Things (IoT) — also called © 2019 Copyright held by the owner/author(s). ubiquitous computing — represents a great threat [18] ACM ISBN 123-4567-24-567/08/06. and these attacks are increasing heavily [4]. Devices in https://doi.org/10.475/123_4 both the heal care sector, oil platforms and much more 2019, Case study: , Cybersecurity are all connected to the Internet are vulnerable to cyber stopping the DDoS attack. attacks. Distributed denial of service (DDoS) attacks are on the increase and is a major danger towards both • Politicians. Others, on the other hand, have been IIoT and IoT [15], made for these purposes. Examples of this are the threats and attacks of the hacktivist group Anony- The main objective of a DDoS attack is to saturate a mous. One of his appearances was at the end of web server, making real users cannot enter because the April 2018, when they saturated the information server can not cope with so many requests for infor- site of Nicaragua’s Government as a demonstra- mation. The most frustrating thing is that usually the tion of support for the demonstrations that the attacker does not win anything, but the big problem opposition was carrying out in that Central Amer- with DDoS attacks is the overwhelming burden associ- ican country. ated with them. • The sensation of power and fun. For others, these The servers can be protected against these attacks with are its main motivations. An example is the case filters that reject badly formed or modified packages of Mafiaboy, a 16-year-old boy who in the year with false IPs so that only legitimate packages arrive 2000 set out to affect the availability of the CNN at the server. The measures are not infallible and the site. It could also impact Amazon, Yahoo, eBay, server can always end up saturated if the attack is suf- among other companies. ficiently massive and well prepared. In addition, over the years there are more vulnera- To give us an idea of the magnitude necessary for a bilities and different ways of committing the attacks, DDoS to be effective, we can observe the traffic ofa causing a greater impact than the one suffered in Oc- server over time. Traffic during the attack (in green) is tober 2016 to Dyn. For example, on February 28, the so large that normal server traffic is barely visible. collaborative development platform GitHub suffered what was at the time the largest DDoS attack in history (1.35 terabits per second), and four days later, on March 4 this year, A website in the United States, whose name was not revealed, received an even larger attack (1.7 terabits per second). Figure 1: The traffic of a server In this paper we aim to analyse a case study of The Dyn Attack from 2016 which is a DDoS attack again Basically, a DDoS attack can only cause the fall of a domain name system (DNS) provider. The goal is the web, but depending on the kind of webpage and to present and analyse the case, do a minor literature this can be a catastrophe of great losses or not so many. study and hereby be able to answer the two following If the web page is simply informative, it will not be so research questions: affected, but if the web generates money (online stores, • What solutions can we use to prevent attacks like advertising), the owner stops making money while it the Dyn Attack? falls. • How can we improve against DDoS attacks? 1.1 Reason for the attacks We aim to use the published news in order to un- derstand the case of the DyN attack; afterwards, we During the last 20 years, distributed denial of service will investigate the issues using the existing academic attacks have been used for different purposes: literature. • Financial. The attackers extort the companies to The paper is structured as follows: First we present pay ransoms in exchange for not executing or the case study, the DyN Attack and the concept of the 2019, Case study: , How can we improve security against DDoS attacks? A case study: The DyN Attack in 2016 attack, then Section III briefly describes how this study For example, blog.kaspersky.com lives at the IP address was conducted, Section IV presents Related Work, Sec- 161.47.21.156. [17] tion V contains the Discussion in which improvements 2.1.3 Distributed denial-of-service (DDoS) attack. Other and prevention are presented. In Section VI we discuss important concept that needs to be developed is a DDoS the validity of the paper briefly, before we conclude the attack, which is an attempt made by cybercriminals to paper in Section VII. halt the normal traffic in a service, server or a network by overwhelming the target or its structure with a flood 2 CASE STUDY, THE DYN ATTACK of internet traffic. The Dyn Cyberattack was an attack that occured on October 21, 2016 that was done by a series of denial-of- These attacks are effective because they use a lot of service attacks (DDoS attacks), which targeted systems computer systems and IoT devices, principally, as their operated by the Domain Name System (DNS) provider sources to attack, which gives the possibility to affect 1 called Dyn. more in less time. [5] The attack itself caused a lot of services and internet From a high level, a DDoS attack can be imagined as platforms to be unavailable for a lot of users in North a traffic jam that is disturbing regular traffic from arriv- America (USA and Mexico) as well as in some parts ing at its desire destination. of Europe, where the groups new world hackers and anonymous claimed responsibility for the attack, but 2.2 Timeline and Impact there wasn’t too much provided evidence. [2] 2.2.1 Timeline. The attack happened in three waves according to Dyn; the first DDoS attack began at 11:10 2.1 Related concepts (UTC)2 and was resolved by 13:20. The second occurred Before going deeper on the Dyn cyberattack it is im- between 15:50 and 17:00 UTC and internet users started portant to describe some concepts referred in the case to report difficulties accessing websites. A third attack description which are: The Domain Name System and began in the night 20:00; at 22:11, Dyn reported that the DDoS attack and Mirai Malware. they had resolved the issue. 2.1.1 Mirai Malware. Mirai is malware that infects 2.2.2 Impact. The first wave affected the East Coast. smart devices that run on ARC processors, turning them The second one affected users in California and the Mid- into a network of remotely controlled bots or zombies. west, as well as Europe. The third wave was mitigated This network of bots, called a botnet, is often used by the efforts of Dyn.
Load more

Recommended publications
  • (U//Fouo) Assessment of Anonymous Threat to Control Systems
    UNCLASSIFIED//FOR OFFICIAL USE ONLY A‐0020‐NCCIC / ICS‐CERT –120020110916 DISTRIBUTION NOTICE (A): THIS PRODUCT IS INTENDED FOR MISION PARTNERS AT THE “FOR OFFICIAL USE ONLY” LEVEL, ACROSS THE CYBERSECURITY, CRITICAL INFRASTRUCTURE AND / OR KEY RESOURCES COMMUNITY AT LARGE. (U//FOUO) ASSESSMENT OF ANONYMOUS THREAT TO CONTROL SYSTEMS EXECUTIVE SUMMARY (U) The loosely organized hacking collective known as Anonymous has recently expressed an interest in targeting inDustrial control systems (ICS). This proDuct characterizes Anonymous’ capabilities and intent in this area, based on expert input from DHS’s Control Systems Security Program/Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT) in coordination with the other NCCIC components. (U//FOUO) While Anonymous recently expressed intent to target ICS, they have not Demonstrated a capability to inflict Damage to these systems, instead choosing to harass and embarrass their targets using rudimentary attack methoDs, readily available to the research community. Anonymous does have the ability to impact aspects of critical infrastructure that run on common, internet accessible systems (such as web‐based applications and windows systems) by employing tactics such as denial of service. Anonymous’ increased interest may indicate intent to Develop an offensive ICS capability in the future. ICS‐CERT assesses that the publically available information regarding exploitation of ICS coulD be leveraged to reDuce the amount of time to develop offensive ICS capabilities. However, the lack of centralized leadership/coordination anD specific expertise may pose challenges to this effort. DISCUSSION (U//FOUO) Several racist, homophobic, hateful, and otherwise maliciously intolerant cyber and physical inciDents throughout the past Decadea have been attributeD to Anonymous, though recently, their targets and apparent motivations have evolved to what appears to be a hacktivist1 agenda.
    [Show full text]
  • About the Sony Hack
    All About the Sony Hack Sony Pictures Entertainment was hacked in late November by a group called the Guardians of Peace. The hackers stole a significant amount of data off of Sony’s servers, including employee conversations through email and other documents, executive salaries, and copies of unreleased January/February 2015 Sony movies. Sony’s network was down for a few days as administrators worked to assess the damage. According to the FBI, the hackers are believed have ties with the North Korean government, which has denied any involvement with the hack and has even offered to help the United States discover the identities of the hackers. Various analysts and security experts have stated that it is unlikely All About the Sony Hack that the North Korean government is involved, claiming that the government likely doesn’t have the Learn how Sony was attacked and infrastructure to succeed in a hack of this magnitude. what the potential ramifications are. The hackers quickly turned their focus to an upcoming Sony film, “The Interview,” a comedy about Securing Your Files in Cloud two Americans who assassinate North Korean leader Kim Jong-un. The hackers contacted Storage reporters on Dec. 16, threatening to commit acts of terrorism towards people going to see the Storing files in the cloud is easy movie, which was scheduled to be released on Dec. 25. Despite the lack of credible evidence that and convenient—but definitely not attacks would take place, Sony decided to postpone the movie’s release. On Dec. 19, President risk-free. Obama went on record calling the movie’s cancelation a mistake.
    [Show full text]
  • Sample Iis Publication Page
    https://doi.org/10.48009/1_iis_2012_133-143 Issues in Information Systems Volume 13, Issue 1, pp. 133-143, 2012 HACKERS GONE WILD: THE 2011 SPRING BREAK OF LULZSEC Stan Pendergrass, Robert Morris University, [email protected] ABSTRACT Computer hackers, like the group known as Anonymous, have made themselves more and more relevant to our modern life. As we create and expand more and more data within our interconnected electronic universe, the threat that they bring to its fragile structure grows as well. However Anonymous is not the only group of hackers/activists or hacktivists that have made their presence known. LulzSec was a group that wreaked havoc with information systems in 2011. This will be a case study examination of their activities so that a better understanding of five aspects can be obtained: the Timeline of activities, the Targets of attack, the Tactics the group used, the makeup of the Team and a category which will be referred to as The Twist for reasons which will be made clear at the end of the paper. Keywords: LulzSec, Hackers, Security, AntiSec, Anonymous, Sabu INTRODUCTION Information systems lie at the heart of our modern existence. We deal with them when we work, when we play and when we relax; texting, checking email, posting on Facebook, Tweeting, gaming, conducting e-commerce and e- banking have become so commonplace as to be nearly invisible in modern life. Yet, within each of these electronic interactions lies the danger that the perceived line of security and privacy might be breached and our most important information and secrets might be revealed and exploited.
    [Show full text]
  • The 2014 Sony Hack and the Role of International Law
    The 2014 Sony Hack and the Role of International Law Clare Sullivan* INTRODUCTION 2014 has been dubbed “the year of the hack” because of the number of hacks reported by the U.S. federal government and major U.S. corporations in busi- nesses ranging from retail to banking and communications. According to one report there were 1,541 incidents resulting in the breach of 1,023,108,267 records, a 78 percent increase in the number of personal data records compro- mised compared to 2013.1 However, the 2014 hack of Sony Pictures Entertain- ment Inc. (Sony) was unique in nature and in the way it was orchestrated and its effects. Based in Culver City, California, Sony is the movie making and entertain- ment unit of Sony Corporation of America,2 the U.S. arm of Japanese electron- ics company Sony Corporation.3 The hack, discovered in November 2014, did not follow the usual pattern of hackers attempting illicit activities against a business. It did not specifically target credit card and banking information, nor did the hackers appear to have the usual motive of personal financial gain. The nature of the wrong and the harm inflicted was more wide ranging and their motivation was apparently ideological. Identifying the source and nature of the wrong and harm is crucial for the allocation of legal consequences. Analysis of the wrong and the harm show that the 2014 Sony hack4 was more than a breach of privacy and a criminal act. If, as the United States maintains, the Democratic People’s Republic of Korea (herein- after North Korea) was behind the Sony hack, the incident is governed by international law.
    [Show full text]
  • Cloud Down Impacts on the US Economy 02
    Emerging Risk Report 2018 Technology Cloud Down Impacts on the US economy 02 Lloyd’s of London disclaimer About Lloyd’s Lloyd's is the world's specialist insurance and This report has been co-produced by Lloyd's and AIR reinsurance market. Under our globally trusted name, for general information purposes only. While care has we act as the market's custodian. Backed by diverse been taken in gathering the data and preparing the global capital and excellent financial ratings, Lloyd's report Lloyd's does not make any representations or works with a global network to grow the insured world – warranties as to its accuracy or completeness and building resilience of local communities and expressly excludes to the maximum extent permitted by strengthening global economic growth. law all those that might otherwise be implied. With expertise earned over centuries, Lloyd's is the Lloyd's accepts no responsibility or liability for any loss foundation of the insurance industry and the future of it. or damage of any nature occasioned to any person as a Led by expert underwriters and brokers who cover more result of acting or refraining from acting as a result of, or than 200 territories, the Lloyd’s market develops the in reliance on, any statement, fact, figure or expression essential, complex and critical insurance needed to of opinion or belief contained in this report. This report underwrite human progress. does not constitute advice of any kind. About AIR Worldwide © Lloyd’s 2018 All rights reserved AIR Worldwide (AIR) provides risk modeling solutions that make individuals, businesses, and society more AIR disclaimer resilient to extreme events.
    [Show full text]
  • Analyzing Third Party Service Dependencies in Modern Web Services: Have We Learned from the Mirai-Dyn Incident?
    Analyzing Third Party Service Dependencies in Modern Web Services: Have We Learned from the Mirai-Dyn Incident? Aqsa Kashaf Vyas Sekar Yuvraj Agarwal Carnegie Mellon University Carnegie Mellon University Carnegie Mellon University [email protected] [email protected] [email protected] Abstract the Mirai Dyn attack [24], GlobalSign revocation error incident in Many websites rely on third parties for services (e.g., DNS, CDN, 2016 [21] and the Amazon DNS DDoS attack in 2019 [50] affected etc.). However, it also exposes them to shared risks from attacks a significant number of popular web services. These incidents raise (e.g., Mirai DDoS attack [24]) or cascading failures (e.g., GlobalSign broader questions about the robustness of the web ecosystem: • revocation error [21]). Motivated by such incidents, we analyze Are these singular occurrences or are there other types of third- the prevalence and impact of third-party dependencies, focusing party services that are also potential Achilles’ heels for affecting on three critical infrastructure services: DNS, CDN, and certificate popular web-services? For example, as services are concentrated, revocation checking by CA. We analyze both direct (e.g., Twitter is there a single provider whose failure will have a significant uses Dyn) and indirect (e.g., Netflix uses Symantec as CA which impact on many websites critically dependent on it? uses Verisign for DNS) dependencies. We also take two snapshots • Are there hidden transitive or indirect dependencies between in 2016 and 2020 to understand
    [Show full text]
  • Architect's Guide for Securing Network Equipment
    JANUARY 2018 ARCHITECT’S GUIDE FOR SECURING NETWORK EQUIPMENT Trusted Computing Group 3855 SW 153rd Drive Tel (503) 619-0562 Fax (503) 644-6708 [email protected] www.trustedcomputinggroup.org Architect’s Guide for Security Network Equipment Copyright© 2018 Trusted Computing Group | All Rights Reserved ARCHITECT’S GUIDE FOR SECURING NETWORK EQUIPMENT As part of the critical infrastructure of an enterprise, network equipment (Side Bar 1) is subject to the same types of attacks and threats as PCs, servers and the network itself. THESE THREATS INCLUDE: UNAUTHORIZED DEVICES UNAUTHORIZED CODE FIRMWARE IMPLANTS THAT 1 THAT CAN GAIN ACCESS 2 THAT CAN INTERFERE 3 CAN RENDER ATTACKS TO NETWORKED DATA WITH SAFE OPERATION INVISIBLE AND UNREMOVABLE Preserving the integrity and security of network equipment is essential to maintaining customer privacy and network reliability. Trusted Computing solutions can be used to provide these requirements. This Architect’s Guide makes the case for addressing network security and provides some initial guidance from ongoing efforts in this area. AWARENESS PRIOR TO ACTION Experts in providing trust to all aspects of an It is important to distinguish network security enterprise have found that many designers are not provided by items such as firewalls, VPNs, MPLS concerned about protecting the low-level, embedded domains, access lists, intrusion detection, network portions of their infrastructure. For example, those access controls, Radius, DMZs and a host of other people who are interested specifically in network functions that prevent inappropriate access to security are extremely concerned about almost all networked resources, from Secure Network aspects that involve anti-viruses and software but Equipment.
    [Show full text]
  • Risk Report Back in October 2016, Dyn Encountered a Massive DNS Ddos Attack That Knocked
    Dyn DNS Cyberattack By Bryce Kolton 12/7/2016 | INFO 312 Introduction On October 21st 2016, a terabit sized attack took down internet connectivity for users across the globe. Over three waves, millions of users were interrupted during main business hours. The attack targeted Dyn (pronounced “dine”), a company that in part provides Domain Name Service registration for websites. Companies affected included Amazon, BBC, CNN, Comcast, Fox, GitHub, Netflix, PayPal, Reddit, Starbucks, Twitter, Verizon, Visa, Wikia and hundreds more. Credit card terminals were inoperative, news sites unavailable, and users unable to reach some of the internet’s most popular websites. The internet ground to a halt for several hours, with major Fortune 500 companies among those affected. The focus of this risk management report will be the cyberattack at large; The background, causes, previous mitigations, response, still present risks, and recommendations after one of the largest cyberattacks ever recorded. Understanding the Domain Name Service As an illustrative example, let’s say you want to visit a new grocery store your friend just told you about, “Sya’s Grocery.” You know the name, but you need to find the physical address. By using a service like Google Maps, you can transcribe the human-readable name into the destination. The Domain Name Service works much the same way, but for URLs. When you type in “google.com,” your computer is clueless to the ‘real address’ it’s supposed to go to. That’s where DNS steps in: your device asks its closes DNS server “Who is ‘google.com’?” If the server doesn’t know, it’ll pass the request along until it finds a server that does.
    [Show full text]
  • Attack on Sony 2014 Sammy Lui
    Attack on Sony 2014 Sammy Lui 1 Index • Overview • Timeline • Tools • Wiper Malware • Implications • Need for physical security • Employees – Accomplices? • Dangers of Cyberterrorism • Danger to Other Companies • Damage and Repercussions • Dangers of Malware • Defense • Reparations • Aftermath • Similar Attacks • Sony Attack 2011 • Target Attack • NotPetya • Sources 2 Overview • Attack lead by the Guardians of Peace hacker group • Stole huge amounts of data from Sony’s network and leaked it online on Wikileaks • Data leaks spanned over a few weeks • Threatening Sony to not release The Interview with a terrorist attack 3 Timeline • 11/24/14 - Employees find Terabytes of data stolen from computers and threat messages • 11/26/14 - Hackers post 5 Sony movies to file sharing networks • 12/1/14 - Hackers leak emails and password protected files • 12/3/14 – Hackers leak files with plaintext credentials and internal and external account credentials • 12/5/14 – Hackers release invitation along with financial data from Sony 4 Timeline • 12/07/14 – Hackers threaten several employees to sign statement disassociating themselves with Sony • 12/08/14 - Hackers threaten Sony to not release The Interview • 12/16/14 – Hackers leaks personal emails from employees. Last day of data leaks. • 12/25/14 - Sony releases The Interview to select movie theaters and online • 12/26/14 –No further messages from the hackers 5 Tools • Targeted attack • Inside attack • Wikileaks to leak data • The hackers used a Wiper malware to infiltrate and steal data from Sony employee
    [Show full text]
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
    [Show full text]
  • Waves of Cyber Attacks Hit Netflix, Spotify, Twitter
    Waves of cyber attacks hit Netflix, Spotify, Twitter usatoday.com/story/tech/2016/10/21/cyber-attack-takes-down-east-coast-netflix-spotify-twitter/92507806/ 10/21/2016 If you live on the East Coast and had trouble accessing Twitter, Spotify Netflix, Amazon or Reddit Friday morning, you were not alone. USA TODAY SAN FRANCISCO — At least two successive waves of online attacks blocked multiple major websites Friday, at times making it impossible for many users on the East Coast to access Twitter, Spotify, Netflix, Amazon, Tumblr and Reddit. The first attacks appear to have begun around 7:10 am Friday, then resolved towards 9:30 am, but then a fresh wave began. The cause was a large-scale distributed denial of service attack (DDoS) against Internet performance company Dyn that blocked user access to many popular sites standstill. Dyn reported the sites going down at around 11:10 a.m. UTC, or roughly 7:10 a.m. ET, posting on its website that it "began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure." In an update posted at 8:45 a.m. ET, the company confirmed the attack, noting that "this attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue." White House Press Secretary Josh Earnest said the Department of Homeland Security was “monitoring the situation" but that “at this point I don’t have any information about who may be responsible for this malicious activity.” It was unclear Friday if the attacks are focused on Dyn specifically or companies that it provides services to, said Carl Herberger, vice president of security at security company Radware.
    [Show full text]
  • IP-Based Iot Device Detection
    IP-Based IoT Device Detection Hang Guo and John Heidemann USC/Information Sciences Institute August 20, 2018 IoT S&P’18 1 IoT Devices Cause Record-Breaking DDoS Attacks 2016-09-20: 620 Gb/s attack against cybersecurity blog KrebsOnSecurity.com 2016-09-23: Est 1 Tb/s attack on French cloud-computing provider OVH 2016-10-21: Est 1 Tb/s attack against DNS provider Dyn - Last about 5 and a half hours in total, affect 69 services Airbnb FiveThirtyEight Overstock.com Slack WWE Network Amazon.com Fox News PayPal SoundCloud Xbox Live Ancestry.com The Guardian Pinterest Squarespace Yammer The A.V. Club GitHub Pixlr Spotify Yelp BBC V Grubhub PlayStation Network Starbucks Zillow The Boston Globe ulHBOne Qualtrics Storify Box Herokurable Quora Swedish Government Business Insider HostGator IoT Reddit Swedish Civil Contingencies Agency Dev CNN iHeartRadio Roblox ices B Tumblr Comcast Imgur Ruby Lane rokTwilioe CrunchBase Indiegogo RuneScape Twitterthe In DirecTV Mashable SaneBox Verizon Communicationsterne The Elder Scrolls Online NHL Seamless Visa t ! Electronic Arts Netflix Second Life Vox Media Etsy The New York Times Shopify Walgreens The Wall Street Journal Wikia Wired 2 Wix.com Motivation • Vulnerable IoT devices threaten the security of Internet ecosystem • To understand these threats requires knowledge IoT devices. – Such as locations, distribution and growth • These knowledge help guide the design and deployment of future IoT security solutions – Reveal the scale of IoT security problem, the problem’s growth and distribution 3 Contributions • A new method to detect IoT devices from observations of Internet traffic. • Apply our method to real-world network traffic – Find at least 35 IoT devices on a college campus and 60 in customers of an IXP.
    [Show full text]