With fifteen years of experience in the mobile security market across the commercial, financial and government sectors, Corey Marshall, Security Solutions Architect at F5 Networks, a global leader in Application Delivery Networking, gave the CryptoID team an exclusive interview straight from Seattle about one of the most debated threats on the network.
We are talking about DDoS attacks, short for Distributed Denial of Service, which in practice block access and bring down sites and networks around the world through a mechanism that evolves daily.
In Brazil, F5 Networks has a team led by Country Manager André Mello and offers its clients three different security lines, each focused on knowledge of the individual application in order to manage it better. It is about the main one of these applications that Corey spoke with us. Read on:
CryptoID: What are DDoS attacks?
Corey Marshall: DDoS stands for ‘Distributed Denial of Service Attack’. A DoS attack can generally be described as an attack designed to disrupt or disable a service. A DDoS, or distributed DoS, attack is a DoS attack carried out by 2 or more nodes. The attacks are usually carried out by botnets, which are groups of computers or other network-connected devices that have been compromised and are being remotely controlled by a third party.
CryptoID: When did the attacks begin and how do they work?
Corey Marshall: The first documented DDoS attacks occurred in 2000, when a hacker known as “mafia boy” launched attacks against various ecommerce sites.
DDoS attacks can generally be classified into 3 categories:
– Volumetric: Flood-based attacks that can be at layer 3, 4, or 7. In this case, attacks flood your system with so many requests that the system cannot respond to legitimate requests.
– Asymmetric: Attacks designed to invoke timeouts or session-state changes.
– Computational: Attacks designed to consume CPU and memory.
– Vulnerability-based: Attacks that exploit software vulnerabilities.
CryptoID: How can companies protect themselves from the attacks?
Corey Marshall: Companies should first assess their vulnerability to DDoS attacks. Once companies are aware of what problems they may have, they should work to reduce their risk of being impacted by a DDoS attack through the right combination of processes, technology and services.
CryptoID: Why is it so difficult to find a solution to the attack?
Corey Marshall: The attack surface, or the opportunity for attacks, is almost limitless, meaning the attackers have to get the attack right only once, but the defenders have to get the defense right every time.
CryptoID: Could you explain to us the main targets of DDoS?
Corey Marshall: Targets of a DDoS attack are typically medium to large corporations and governments. However, DDoS attacks can also be targeted at an individual, as is commonly seen in gaming in order to gain an advantage.
CryptoID: Do they get personal or confidential information when they attack?
Corey Marshall: Confidential information can be held hostage or for ransom as a form of denial of service attack. In fact, we have seen ransom-type attacks increase in frequency and impact. Also, attackers may use a DDoS as a distraction while they penetrate an organization to steal confidential information.
CryptoID: Which sites are most vulnerable to this kind of attack?
Corey Marshall: Any computer turned on and connected to a network is vulnerable to a DDoS attack. Attackers have figured out that they can bypass perimeter defenses by hijacking nodes on trusted internal networks and using them to launch attacks where there are little to no defenses. This is why it is important for organizations to defend against attacks from both trusted and untrusted networks.
CryptoID: What is the Brazilian scenario for virtual attacks and how does it compare to the rest of the world?
Corey Marshall: I think Brazil will see more politically motivated attacks as a form of protest against the government and large institutions. Increasingly, as services such as TV and telephony migrate to the Internet, DDoS attacks will have a larger impact on the public and critical infrastructure, as recently seen in Europe. On the horizon, I think that organizations in Brazil should be shoring up their defenses ahead of the 2016 Olympic Games.
CryptoID: What legal measures can be used to protect enterprises from these attacks?
Corey Marshall: There are typically very few legal measures an organization can take unless the attack is launched using identifiable sources, for example a company whose network was used in an attack against another company. That organization should be held liable for damages due to negligence in not sufficiently protecting its infrastructure and allowing it to be used in an attack.
CryptoID: Would you please tell us about the most important cases of DDoS attacks? And how did they work?
Corey Marshall: I really can’t point to one attack as being more important than another, but in my mind the Spamhaus attack of 2013 stands out, in which a very simple attack known as DNS amplification was able to generate traffic in excess of 120 Gbps, far more than most organizations are prepared to handle. Amplification works when an attacker node can send a small spoofed request, designed to look like it originated from the target, to elicit a large response from the requested service. This is far more effective than if an attacking node attacked the target directly, and it carries the additional benefits of masking the attacker and utilizing fewer attacker resources. Also, the attack highlighted how even common, ubiquitous services can be exploited to cause great harm; an analogy would be using a bottle of water to rob a bank.
CryptoID: How important is the prevention of the attack?
Corey Marshall: This depends on the cost of not preventing an attack. An ecommerce site loses revenue every second it is offline, while a government institution being offline may impact wide swaths of the population, potentially leading to wider economic losses or even public safety issues if people aren’t able to access government services.
CryptoID: How can the common user be informed about DDoS and how can we help them?
Corey Marshall: The common user can help by reducing the risk that their machines will become part of a botnet used in an attack by:
- Installing the latest software patches.
- Practicing good internet behavior; being wary of links or documents sent in e-mail that may even appear to be from valid sources.
- Running a decent anti-virus solution, many of which are free.