
Join us to listen to Yunding Lab instructors talk about DDoS attack and defense | CSS2018 Cloud Security Sub-Forum, Continued


| Reprinted with permission from FreeBuf

New technologies such as artificial intelligence, cloud computing, and big data are profoundly affecting the Internet world. In this context, the threats to cybersecurity are also changing and escalating. As Tencent Cloud Vice President Lai Wei also noted at the 4th CSS Internet Security Leadership Summit, security has long gone beyond technology and is tied to changes in the industry as a whole.

There is an attack technique that dates back as far as 1996 and can basically be considered a living fossil of the Internet hacking community. This ancient attack has evolved over nearly two decades and is still in use today; it is low-cost and effective, and it even set a new record for attack traffic in the first half of 2018 ...


In the Cloud Security sub-forum on the second day of CSS, Song Bing, a threat intelligence researcher at Tencent Security Yunding Lab, gave a talk titled "New Trends in DDoS 2018". According to Song Bing, DDoS has changed from a long black-market chain with a clear division of labor into something automated, platform-based and highly integrated; attack platforms that automate both order placement and the attack itself leave enterprises defenceless.

(Song Bing, Threat Intelligence Researcher, Yunding Lab, Tencent Security)

DDoS attack traffic peaks continue to be surpassed every year, with one Memcached DDoS attack in the first half of this year reaching a new high with a peak of 1.7 Tbps.

Peak attack traffic of 1.7 Tbps. A reflection amplification factor of 50,000. A small number of reflection sources is enough to achieve a high-traffic attack. The main reflection sources are in China, the United States and Europe. The technique has been commonly integrated by DDoS black-market platforms.

Song Bing said in his speech that as more industries move onto the Internet, the DDoS attack surface is also growing. The gaming industry has been in the spotlight because of its large daily turnover and fast cash, making it a prime target for DDoS attacks and the most attacked industry in the first half of 2018. Of particular concern is that traditional industries such as healthcare, IoT and education, now that they have moved onto the Internet, have also suffered attacks to varying degrees, and the number is rising.


Statistically, the most popular DDoS attack methods in 2018 include reflection amplification attacks, SYN Flood and HTTP Flood. Counted by number of attacks, the main attack traffic interval is within 5G, which accounts for more than half of the total. However, classifying attack types by traffic interval is harder, because the types overlap considerably across intervals.

Traffic situation

The main attack traffic interval is within 5G. Attacks exceeding 100G represent less than 5 per cent of the total number of attacks. Among attacks over 100G, the 100-200 Gbps range accounts for the largest share.

Attack combinations

Attacks at the 100G level are dominated by reflection amplification. Attacks are shifting from single-type attacks to combination attacks.

Turning to the key part of the talk, the DDoS black market, Song Bing said that a traditional attack involves seven links, while the latest web-based ("page-side") attack platforms are much more convenient. The more links an attack has, the easier it is for something to go wrong. For example, the funder or buyer first has to find a DDoS group or online forum to post a request, then go through a middleman to reach the attacker, which already amounts to three links. The attack itself is launched only hours or even a day later, so the cycle is significantly longer.

The page-side attack platform is much more convenient and does not require the site operator to take part in the DDoS attack. The funder or attacker registers on the relevant website and purchases the DDoS service, and the rest goes through an automated API that can deliver a high-traffic attack for 200-500 bucks.

They call it a "stress test"; a search turns up a surprise ...


The bottom line is that page-side DDoS attack sites solve the trust link very well through card-issuing platforms. According to Song Bing, card-issuing platforms are used not only for DDoS but also by many other black and grey industries. In the course of their research, they found that pornography, fraud and gambling all relied on card-issuing platforms to complete transactions, which shows how finely divided and deeply coupled the black-market chain is in the current environment.

In addition, Song Bing presented a case study on DDoS traceability categorization and analysis at the conference. Aggregating traffic with similar attack hits, similar attack sources, and similar attack frequency and duration often yields unexpected results. I learned that earlier this year, the Tencent Guardian Program team had successfully assisted the Shenzhen Internet Police in investigating and collecting evidence through traceability and categorization analysis, eventually locking onto the "Dark Night Attack Team" behind the scenes.
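One way to do the aggregation described above, as an added example that is not from the talk or from Tencent's tooling: attack records are linked when their source sets overlap and their durations are comparable, and linked records are merged into candidate campaigns. The record fields, thresholds and sample events are constructed assumptions, and attack frequency is left out to keep the sketch short.

```python
from itertools import combinations

# Constructed sample attack records (not real data). Sources use the
# RFC 5737 documentation ranges; duration is in seconds.
EVENTS = [
    {"id": "a1", "target": "game-1", "sources": {"192.0.2.1", "192.0.2.2", "192.0.2.3"}, "duration": 300},
    {"id": "a2", "target": "game-1", "sources": {"192.0.2.2", "192.0.2.3", "192.0.2.4"}, "duration": 320},
    {"id": "a3", "target": "pay-7", "sources": {"192.0.2.1", "192.0.2.2", "192.0.2.3"}, "duration": 310},
    {"id": "b1", "target": "live-3", "sources": {"198.51.100.7", "198.51.100.8"}, "duration": 3600},
    {"id": "b2", "target": "live-3", "sources": {"198.51.100.8", "198.51.100.9"}, "duration": 3500},
    {"id": "c1", "target": "game-1", "sources": {"203.0.113.5"}, "duration": 60},
]

def jaccard(a, b):
    """Overlap of two source sets: |a & b| / |a | b|."""
    return len(a & b) / len(a | b) if a | b else 0.0

def similar(e1, e2, min_overlap=0.5, max_duration_ratio=1.5):
    """Link two events when their sources overlap strongly and their
    durations are comparable; a shared target halves the overlap needed.
    Both thresholds are assumed values for illustration."""
    need = min_overlap / 2 if e1["target"] == e2["target"] else min_overlap
    lo, hi = sorted((e1["duration"], e2["duration"]))
    return jaccard(e1["sources"], e2["sources"]) >= need and hi <= lo * max_duration_ratio

def cluster(events):
    """Union-find over pairwise links; returns sorted lists of event ids."""
    parent = {e["id"]: e["id"] for e in events}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for e1, e2 in combinations(events, 2):
        if similar(e1, e2):
            parent[find(e1["id"])] = find(e2["id"])
    groups = {}
    for e in events:
        groups.setdefault(find(e["id"]), []).append(e["id"])
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    for group in cluster(EVENTS):
        print(group)
```

Event a3 joins the a1/a2 group even though it hit a different target, because it reuses the same sources; c1 hit the same target as a1 but shares no sources and stays on its own.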


It is reported that the gang members are mostly active outside the country and control more than 800G of network attack traffic, mainly attacking online games, third-party payments and live video platforms to seize market share for profit. Since 2015 the gang has carried out criminal cyber-attacks under the leadership of organizer Yuan Mouhui, and within two years it developed into the most influential DDoS black-market gang in China.

At the end of the meeting, Song Bing mentioned that Tencent Security Yunding Lab has also done a lot of DDoS-related research, including early warning and solid-evidence analysis, and he looks forward to sharing more related content in the future and discussing it with everyone.

