Cyber Security Strategy of Telekom Slovenije, Metod Platiše, [email protected]


Cybernetics everywhere

• E-health
• Autonomous vehicles, Industry 4.0
• Smart infrastructure, energy, smart home
• Entertainment, social life

Cyber dependency

Key value and security: data and information, which must be

• available (availability)
• intact (integrity)
• undisclosed (confidentiality)

Attacks are

The complexity of cyber threats

• Intents of attacks: deletion, modification, theft, disclosure or misuse of data; denial of service.
• Methods of attack: phishing and spear phishing; malicious code; SQL injection / XSS; DoS/DDoS; password brute force; man-in-the-middle; drive-by; eavesdropping.
• Reasons and motives: financial gain; malice; proving oneself; hacktivism; systemic attacks.
• Attacks are either opportunistic or targeted.

Damage caused: 600 billion in damage; 1,500 billion in turnover; 0.8% of GDP; 1/7 of criminal transactions.

Information security risks

The slide shows the standard relationships between the elements of risk:

• Threats exploit vulnerabilities and increase risks.
• Vulnerabilities expose assets and increase risks.
• Assets have value; the value of assets increases risks.
• Risks determine security requirements, which are satisfied by security controls.
• Security controls protect against threats, reduce risks and eliminate vulnerabilities.

Strategies and measures for managing cyber security risks

• Cyber security strategies: EU, state, companies, institutions
• Organisational measures: policies, rules
• Regulation, recommendations, standards: NIS, GDPR, NIST, ISO, PCI, VDA, ...
• Technical measures: physical, database, OS, application, network
• Security operations centre (Operativni center kibernetske varnosti)
• Financial insurance
• Risk assessment, priorities
• ISO/IEC 27001; NIS / NIST

Cyber security framework (Cybersecurity Framework): prevention, detection, response, recovery

Prevention: business environment; assets; management of information security and risks; identities and access rights; technologies.

Detection: event monitoring; anomaly analysis; incident detection.

Response: preparation; response planning; incident remediation.

Recovery: recovery planning; recovery execution.

Listed alongside the four functions: response analysis; internal and external communication; improvement; status analysis; awareness and training.

Telekom Slovenije offers

• A security operations centre (Operativni center kibernetske varnosti) as a service
• Reviews of information security status and compliance
• Security tests, vulnerability tests
• DDoS protection
• Participation in international cyber security exercises
• Implementation of security solutions
• The infranet network
• Highly secure personal communication, Biokoda
• A reliable and secure IaaS environment
• Data storage as a service

What is happening on the DDoS scene

DDoS attacks on Slovenian IP addresses in 2018

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We are Armada Collective.

In past, we launched one of the largest attacks in Switzerland's history. Use Google.

All network of XXXXXXXXXXXXXX will be DDoS-ed starting Monday, October 9th. if you don't pay 4 Bitcoins @ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

When we say all, we mean all - users will not be able to use any of your services.

Right now we will start 15 minutes attack on one of your IPs (X.X.X.X). It will not be hard, we will not crash it at the moment to try to minimize eventual damage, which we want to avoid at this moment. It's just to prove that this is not a hoax. Check your logs!

If you don't pay by October 9th, attack will start, price to stop will increase to 10 BTC and will go up 2 BTC for every day of attack.

If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time.

This is not a joke.

Our attacks are extremely powerful - our Mirai botnet can reach over 1 Tbps per second.

So, no protection will help.

Prevent it all with just 4 BTC @ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Do not reply, we will probably not read. Pay and we will know it's you. AND YOU WILL NEVER AGAIN HEAR FROM US!

Bitcoin is anonymous, nobody will ever know you cooperated.

--

Armada Collective


Do you still remember?

DDoS attacks on Slovenian IP addresses in 2018

Attacks: 41.8 k; peak volume: 23.4 Gbps; peak speed: 7.47 Mpps; peak duration: 4 days (3 days, 16 hours)

Top attack types: Total Traffic, IP Fragmentation, TCP null

Breakdown of the 41.8 k attacks shown in the chart (category labels not recoverable; the five counts sum to 41,797): 39,062; 1,437; 894; 363; 41


DDoS attacks on Slovenian IP addresses, February 2019

Attacks: 5.71 k; peak volume: 18 Gbps; peak speed: 2.15 Mpps; peak duration: 2 hours

Breakdown shown in the chart (category labels not recoverable; the four counts sum to 5,709): 5,542; 114; 49; 4

In December 2018, 15 DDoS-as-a-service sites were taken down:

www.critical-boot.com

www.ragebooter.com

www.anonsecurityteam.com

www.downthem.org

www.quantumstress.net

www.booter.ninja

www.bullstresser.net

www.defcon.pro

www.str3ssed.me

www.defianceprotocol.com

www.layer7-stresser.xyz

www.netstress.org

www.request.rip

www.torsecurityteam.org

www.Vbooter.org

www.webstresser.org

In April 2018 the Dutch police took down the world's biggest DDoS-for-hire service that helped cyber criminals launch over 4 million attacks, and arrested its administrators.

Quantum Stresser—one of the longest-running DDoS services in operation with over 80,000 customer subscriptions as of November 29 since its launch in 2012. In 2018 alone, Quantum Stresser was used to launch more than 50,000 "actual or attempted" DDoS attacks targeting victims worldwide.

Between October 2014 and November 2018, Downthem had more than 2000 customer subscriptions and had been used to "conduct, or attempt to conduct, over 200,000 DDoS attacks," according to the FBI.

Result:

• a short-term reduction in the volume of attacks
• a rise in the price of DDoS-as-a-service offerings
• new providers, migration to the dark web

Pain of the year: memcached

A memcached DDoS attack tool written in Python uses the Shodan search engine API to obtain a fresh list of vulnerable memcached servers and then sends spoofed-source UDP packets to each server.

As memcached is such an effective DDoS reflector (it can reach amplification levels up to 1:500,000), the booter/stresser community does not have to rely on finding and taking advantage of insecure installations. They can simply deploy their own vulnerable servers around the world at various hosting providers, paying with stolen credit cards or using one of the various cryptocurrencies. These servers can then be used as memcached DDoS reflectors until the hosting provider detects the abuse of its services and takes the servers down.
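The reflection described above turns any memcached instance that answers on UDP from a public address into an amplifier, so a defender wants two things: to notice reflected traffic in flow telemetry, and to make sure no memcached of their own is exposed. The following Python is an added example, not code from the presentation or from Telekom Slovenije. It flags destinations that receive large UDP datagrams from source port 11211 on several distinct hosts, and it inspects a memcached command line for the UDP listener and bind address. The flow records, the thresholds and the command lines are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
import shlex

MEMCACHED_PORT = 11211  # memcached's default port; reflection abuses its UDP listener


@dataclass(frozen=True)
class Flow:
    """One summarised flow record (NetFlow/IPFIX style). Constructed for this example."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str      # "udp" or "tcp"
    packets: int
    bytes: int


# Constructed sample flows, as an ISP edge collector might summarise them.
SAMPLE_FLOWS = [
    # Three hosts answering from UDP/11211 with large datagrams toward one address.
    Flow("198.51.100.10", MEMCACHED_PORT, "203.0.113.5", 4444, "udp", 1200, 1_500_000),
    Flow("198.51.100.11", MEMCACHED_PORT, "203.0.113.5", 4444, "udp", 1100, 1_380_000),
    Flow("198.51.100.12", MEMCACHED_PORT, "203.0.113.5", 4444, "udp", 900, 1_100_000),
    # The tiny requests that triggered them; their source address is forged as the victim.
    Flow("203.0.113.5", 4444, "198.51.100.10", MEMCACHED_PORT, "udp", 3, 150),
    # Ordinary in-house cache traffic over TCP: must not be flagged.
    Flow("10.0.0.7", 51234, "10.0.0.8", MEMCACHED_PORT, "tcp", 400, 48_000),
    Flow("10.0.0.8", MEMCACHED_PORT, "10.0.0.7", 51234, "tcp", 400, 90_000),
]


def detect_memcached_reflection(flows, min_reflectors=2, min_bytes_per_packet=1000):
    """Group UDP flows whose source port is 11211 by destination and flag destinations
    that receive large datagrams from several distinct hosts. The thresholds are
    assumptions chosen for the example: reflected memcached answers are close to the
    maximum datagram size, while legitimate UDP replies to a client are rare and small."""
    per_dst = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for f in flows:
        if f.proto == "udp" and f.src_port == MEMCACHED_PORT:
            entry = per_dst[f.dst_ip]
            entry["reflectors"].add(f.src_ip)
            entry["packets"] += f.packets
            entry["bytes"] += f.bytes
    alerts = {}
    for dst, entry in per_dst.items():
        bpp = entry["bytes"] / entry["packets"] if entry["packets"] else 0.0
        if len(entry["reflectors"]) >= min_reflectors and bpp >= min_bytes_per_packet:
            alerts[dst] = {
                "reflectors": sorted(entry["reflectors"]),
                "packets": entry["packets"],
                "bytes": entry["bytes"],
                "avg_bytes_per_packet": round(bpp),
            }
    return alerts


def memcached_exposure(cmdline):
    """Check a memcached command line for the two settings that make a server usable as
    a reflector: the UDP listener (-U <port> / --udp-port=<port>, 0 disables it) and the
    bind address (-l <addr> / --listen=<addr>; absent means all interfaces).
    Assumption: UDP counts as enabled unless it is explicitly set to 0, which is the safe
    reading for releases that still enable UDP by default. Returns a list of findings."""
    argv = shlex.split(cmdline)
    udp_port, listen = None, None
    i = 0
    while i < len(argv):
        a = argv[i]
        if a == "-U" and i + 1 < len(argv):
            udp_port, i = argv[i + 1], i + 1
        elif a.startswith("-U") and not a.startswith("--"):
            udp_port = a[2:]
        elif a.startswith("--udp-port="):
            udp_port = a.split("=", 1)[1]
        elif a == "-l" and i + 1 < len(argv):
            listen, i = argv[i + 1], i + 1
        elif a.startswith("-l") and not a.startswith("--"):
            listen = a[2:]
        elif a.startswith("--listen="):
            listen = a.split("=", 1)[1]
        i += 1
    findings = []
    if udp_port != "0":
        findings.append("UDP listener enabled: start with '-U 0' unless UDP clients are required")
    if listen is None or listen in ("0.0.0.0", "::"):
        findings.append("bound to all interfaces: use '-l 127.0.0.1' or an internal address, "
                        "and filter UDP/11211 at the network edge")
    return findings


if __name__ == "__main__":
    for victim, info in detect_memcached_reflection(SAMPLE_FLOWS).items():
        print(f"possible memcached reflection toward {victim}: {info}")
    for line in memcached_exposure("memcached -m 64 -p 11211 -u memcache"):
        print("finding:", line)
```

The detector is deliberately coarse: it keys on the only two things a flow collector reliably sees during reflection, a constant source port of 11211 and an average datagram size far above what a real cache client exchange produces. On the constructed sample it reports one destination with three reflectors and about 1,244 bytes per packet, while the in-house TCP traffic is ignored. The exposure check returns an empty list only when UDP is switched off and the service is bound to a non-public address; both are needed, because a server bound to a public address with UDP enabled is exactly the reflector the passage describes.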
