
BLOG: Akamai researchers on BroBot DDoS and adversarial resilience

Bill Brenner | April 24, 2013
Two of the more interesting talks I attended during SOURCE Boston 2013 were from Akamai.

I wrote quite a bit about SOURCE Boston 2013 last week. As always, the event was full of top-notch content. This last post on SOURCE is about two of the more interesting talks I attended, both from researchers at Akamai.

I chose these presentations because I'm always fascinated by the data Akamai has access to. At last check, the company was handling tens of billions of daily Web interactions for 90 of the top 100 online U.S. retailers, 29 of the top 30 global media and entertainment companies, nine of the top 10 world banks, and all branches of the U.S. military.

The first talk, by Akamai Senior Security Architect Eric Kobrin, was an analysis of the BroBot DDoS attacks that have targeted the banking sector. The attacks are something we've reported on extensively at CSO, and much of what he said was no surprise.

We knew, for example, that:

--The amount of bandwidth flooding websites was substantial. Akamai CSO Andy Ellis recently wrote that BroBot botnets are routinely tossing around 30 Gbps attacks, with peaks upwards of 80 Gbps.

--The DDoS attacks are crude, exploiting large networks of compromised machines to overwhelm a website with requests. 

--The battle often comes down to the amount of bandwidth a banking site has and whether it is large enough to withstand traffic from the botnet and customers. "If the attacker can find a way to exhaust the resources of any business critical component of the system, they win," Jeremiah Grossman, chief technology officer for WhiteHat Security, recently told writer Antone Gonsalves.

But Kobrin offered some fresh color to the picture.

For example, he noted, the compromised machines often get that way because attackers were able to own them through security holes in the online content management systems (CMS) that content publishers take for granted. The WordPress interface you use to blog? It could have been used to make your computer part of the botnet, and it's something you would not notice. That vanity email domain you opened for yourself? That's an easy target, too.

One of the problems is that the hosted service providers build sites to be as accessible as possible and to make them easy for Google to index. As you've heard by now, accessibility and security are often at odds.

"There is no single cause," Kobrin said. "A half a dozen failures have to happen along the way." One such failure is a lack of routine patching. Another failure is that admin access is often easy to get.

What to do about all this? Kobrin offered this advice:

--Banks can build a more defensible online infrastructure, get a better handle on all the apps in their systems and build closer relationships with their hosting providers, since attacks usually come from trouble on the provider's side of the court.

