State of the Internet: Mirai, IOT and History of Botnets
•Download as PPTX, PDF•
0 likes•767 views
Ashwani Singhal, Head Security Operations Center Akamai
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to State of the Internet: Mirai, IOT and History of Botnets
Similar to State of the Internet: Mirai, IOT and History of Botnets (20)
More from Rahul Neel Mani
More from Rahul Neel Mani (19)
Recently uploaded
Recently uploaded (20)
State of the Internet: Mirai, IOT and History of Botnets
- 1. State of the Internet: Mirai, IOT & History of Botnets Ashvini Singhal, Head - Security Operations Center, Akamai
- 2. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Internet- Threat Lanscape
- 3. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential DDoS Attack Trends
- 4. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential What Comes to Mind When your Hear the Word? BotNet
- 5. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential DDoS Malware Service Disruption Something “Bad”
- 6. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential A group of internet-connected devices controlled by a central system What does a BotNet Really Mean?
- 7. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Lee Enfield No.4 Mk2 Firepower - Then
- 8. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Firepower - NOW
- 9. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential What made it so EASY?
- 10. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential IOT – Internet of Things
- 11. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Large Attacks – Q3 2016
- 12. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Large Attacks – Q4 2016
- 13. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Botnet Attacks
- 14. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Mirai- Botnet
- 15. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Mirai (Japanese for “The Future”) What is Mirai? This tool achieved particular notoriety for its specific targeting of IoT devices, such as IP cameras, WiFi-connected refrigerators, unsecured home routers, etc
- 16. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential 3 Typical Attack Targets: • Datacenter routing • DNS • Application Problem is, if any of the 3 are taken out, the entire enterprise is taken out Unlike many Attack Bots, Mirai can be very specifically aimed at all 3 targets with great accuracy Mirai Baseline
- 17. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Mirai – Attack Vector
- 18. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Command and Control Report server Infection server Manually Infected IoT Device Component's of the Mirai Bot Net
- 19. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Life Form
- 20. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. 1.1.1.1 admin admin✓ 1.1.1.1 admin admin ✓ The IoT Bot scans the internet for other devices and test default username and password combosSuccessful results are sent to the Report server.Report server sends results to the Infection server to infect new bot.Bots come online and connect to the C2 for instructs and maintain heartbeatBots come online and connect to the C2 for instructs and maintain heartbeat and restarts processes. C2 Report Infection BasicAnatomy IoT infection
- 21. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Mirai – Scanning
- 22. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Mirai Attack – DNS Variant
- 23. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Mirai Attack – Broad Spectrum Attack
- 24. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential What Can You Do? Phase 1 • Strict access controls on your firewall(Datacenter, Web and DNS) Phase 2 • Loosen your Phase I controls to bring secondary services back online Phase 3 • Bring all services back online KNOW YOUR ENVIRONMENT
- 25. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. A Pervasive Platform: • Every major city • Every major network • One network hop away from 95% users Accelerating: • 5 of the top 5 high tech firms • 3 of the top 3 stock exchanges • 5 of the top 5 M&E firms • 5 of the top 5 ecommerce firms Akamai has 400+ customers in India, including the who’s who of the Indian Enterprise! Akamai in India
- 26. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection. 216,000+ servers 1,500+ networks 650+ cities 120+ countries A GLOBAL PLATFORM All top 60 eCommerce sites All top 30 M&E companies All branches of the U.S. military All top 10 banks DELIVERING 13+ MILLION HOSTNAMES 40+ million hits per second 2+ trillion deliveries per day 30+ terabits per second ACCELERATING DAILY TRAFFIC OF Akamai Today Delivering 15-30+% of All Web Traffic
- 27. ©2015 AKAMAI | FASTER FORWARDTM Akamai Confidential Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Thank You!