
State of the Internet: Mirai, IOT and History of Botnets

Ashwani Singhal, Head Security Operations Center Akamai

Published in: Technology

  1. State of the Internet: Mirai, IOT & History of Botnets. Ashvini Singhal, Head - Security Operations Center, Akamai
  2. ©2015 AKAMAI | FASTER FORWARD™ Akamai Confidential. Internet Threat Landscape. Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection.
  3. DDoS Attack Trends
  4. What Comes to Mind When You Hear the Word BotNet?
  5. DDoS, Malware, Service Disruption, Something “Bad”
  6. What does a BotNet Really Mean? A group of internet-connected devices controlled by a central system
  7. Firepower - Then: Lee Enfield No.4 Mk2
  8. Firepower - NOW
  9. What made it so EASY?
  10. IOT – Internet of Things
  11. Large Attacks – Q3 2016
  12. Large Attacks – Q4 2016
  13. Botnet Attacks
  14. Mirai - Botnet
  15. What is Mirai? Mirai (Japanese for “The Future”). This tool achieved particular notoriety for its specific targeting of IoT devices, such as IP cameras, WiFi-connected refrigerators, unsecured home routers, etc.
  16. Mirai Baseline. 3 Typical Attack Targets: • Datacenter routing • DNS • Application. The problem is, if any of the 3 are taken out, the entire enterprise is taken out. Unlike many attack bots, Mirai can be very specifically aimed at all 3 targets with great accuracy.
  17. Mirai – Attack Vector
  18. Components of the Mirai Botnet: Command and Control, Report server, Infection server, Manually Infected IoT Device. Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.
  19. Life Form
  20. Basic Anatomy: IoT infection (C2, Report, Infection). 1.1.1.1 admin admin ✓ The IoT bot scans the internet for other devices and tests default username and password combos. Successful results are sent to the Report server. The Report server sends results to the Infection server to infect the new bot. Bots come online and connect to the C2 for instructions, maintain a heartbeat and restart processes.
  21. Mirai – Scanning
  22. Mirai Attack – DNS Variant
  23. Mirai Attack – Broad Spectrum Attack
  24. What Can You Do? KNOW YOUR ENVIRONMENT. Phase 1 • Strict access controls on your firewall (Datacenter, Web and DNS). Phase 2 • Loosen your Phase 1 controls to bring secondary services back online. Phase 3 • Bring all services back online.
  25. Akamai in India. A Pervasive Platform: • Every major city • Every major network • One network hop away from 95% users. Accelerating: • 5 of the top 5 high tech firms • 3 of the top 3 stock exchanges • 5 of the top 5 M&E firms • 5 of the top 5 ecommerce firms. Akamai has 400+ customers in India, including the who’s who of the Indian Enterprise!
  26. Akamai Today: Delivering 15-30+% of All Web Traffic. A GLOBAL PLATFORM: 216,000+ servers, 1,500+ networks, 650+ cities, 120+ countries. DELIVERING 13+ MILLION HOSTNAMES: All top 60 eCommerce sites, All top 30 M&E companies, All branches of the U.S. military, All top 10 banks. ACCELERATING DAILY TRAFFIC OF: 40+ million hits per second, 2+ trillion deliveries per day, 30+ terabits per second.
  27. Thank You!
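
Added example (not part of the original slides): a detection sketch for the scanning step on slide 20, where one bot tries default logins against many devices and the successes become new bots. The log format, the sample records and the function names are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed honeypot/telnet auth records, not data from the slides.
# Format: epoch_seconds source_ip target_ip username password result
SAMPLE_LOG = """\
1000 203.0.113.7 192.0.2.10 admin admin FAIL
1004 203.0.113.7 192.0.2.11 admin admin OK
1009 203.0.113.7 192.0.2.12 admin admin FAIL
1015 203.0.113.7 192.0.2.13 admin admin OK
1020 198.51.100.4 192.0.2.10 operator s3cret FAIL
1900 198.51.100.4 192.0.2.10 operator s3cr3t OK
garbage line that should be skipped
"""

def parse(log_text):
    """Yield (ts, src, dst, user, password, ok) for well-formed lines only."""
    for line in log_text.splitlines():
        p = line.split()
        if len(p) != 6 or not p[0].isdigit() or p[5] not in ("OK", "FAIL"):
            continue
        yield int(p[0]), p[1], p[2], p[3], p[4], p[5] == "OK"

def find_credential_scanners(log_text, min_targets=3, window=60):
    """Flag sources that attempt logins on >= min_targets hosts within
    `window` seconds. Returns {source_ip: targets that accepted a login}."""
    by_src = defaultdict(list)
    for ts, src, dst, _user, _pw, ok in parse(log_text):
        by_src[src].append((ts, dst, ok))

    findings = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start <= window]
            if len({dst for _, dst, _ in in_window}) >= min_targets:
                # Scanning pattern confirmed. Every host that accepted this
                # source's login needs new credentials and a check for
                # outbound C2 heartbeat traffic.
                findings[src] = sorted({dst for _, dst, ok in events if ok})
                break
    return findings

if __name__ == "__main__":
    for src, hosts in find_credential_scanners(SAMPLE_LOG).items():
        print(f"{src}: scanning pattern; accepted logins on {hosts}")
```

The single-host retry from 198.51.100.4 is not flagged, which keeps an operator mistyping a password out of the findings.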
