Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk

•
•
Fwdays
Fwdays

At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience

Technology
1 of 65
Download to read offline
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. How we approach DDoS threat research Threat landscape in 2024 Customer case study: Ukraine, 2022 Agenda
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. DDoS threat research Protect Amazon infrastructure and customers, making AWS an unattractive target for cyber threats © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Our approach Analyze inbound and outbound internet traffic Convert research into actionable threat intelligence for our customers Disrupt the capability of unauthorized users to repeatedly and easily target us
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Leverage AWS’s reach and scale to detect threats 600+ points of presence (POP) across 100+ cities in 50 countries Exabytes of data analyzed every 60 sec. Thousands of DDoS attacks mitigated every day 100+ billion AWS-managed rules requests processed per day
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 0 20,000 40,000 60,000 80,000 100,000 120,000 9/1/22 10/1/22 11/1/22 12/1/22 1/1/23 2/1/23 3/1/23 4/1/23 5/1/23 6/1/23 7/1/23 8/1/23 DDoS Events Month AWS Shield DDoS events detected per month DDoS isn’t going away 56% Application layer 40% YoY growth
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. From video games to critical public infrastructure
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proxy-based L7 DDoS attacks Proxy Proxy driver Target
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnets Command & control Bots
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tracking DDoS infrastructure
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Known offenders © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Known offenders 1.2.3.4 2.3.4.5 3.4.5.6 4.5.6.7 AnyAuthority ELB AnyCompany NLB AnyOrganization CloudFront Distribution
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Known offenders 1.2.3.4 2.3.4.5 3.4.5.6 4.5.6.7 AnyAuthority ELB AnyCompany NLB AnyOrganization CloudFront Distribution
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tracking known offenders
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Available as a Managed Rule for AWS WAF Amazon CloudFront AWSManagedIPReputationList Elastic Load Balancing (ELB) Amazon API Gateway
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Internal success stories Amazon CloudFront AWS Management Console Amazon.com
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield automatic mitigation AWS Shield detects attack AWS Shield deploys L7KO AWS Shield analyzes traffic AWS Shield deploys attack signature
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. MadPot
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Global-scale threat intelligence using the AWS Cloud 10k+ sensors deployed globally Observes 100M+ potential threat interactions daily 500,000activities classified as malicious daily
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. MadPot (Honeypot) network Amazon GuardDuty AWS Shield AWS WAF Internet MadPot
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. We are making a difference https://www.theregister.com/2023/ 10/02/aws_security_madpot/ AWS stirs the MadPot – busting bot baddies and eastern espionage Security exec Mark Ryland spills the tea on hush-hush threat intel tool
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Takedown © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proxy-based L7 DDoS Attacks Proxy driver Target 🍯 Proxy honeypot
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Top talking networks by proxy drivers Linode Hetzner Online Digital Ocean FranTech Solutions SoftLayer Technologies Interserver Psychz Networks Scaleway Dedioutlet- network-phx DediPath myLoc manage d IT AG Akamai Connect ed Cloud Edgevirt Choopa, LLC Kamater a Inc Hetzner Online GmbH Aggros Operati ons… Worl dStre am… Relia bleSit e.N… Wind str… Ad… Re… AE… Or… H… M… A… V… RW -… O… C… R… D… T… M… L… C… L… Pe b… i… D… L… I… 1… M… N… D… S… C… 1… W… D… U… R C Z A Y T S C E P I A H D H C C C S C A P S u T U H S T C A S C N 3 B C T C D Linode Hetzner Online Digital Ocean FranTech Solutions SoftLayer Technologies Interserver Psychz Networks Scaleway Dedioutlet-network-phx DediPath myLoc managed IT AG Akamai Connected Cloud Edgevirt Choopa, LLC Kamatera Inc Hetzner Online GmbH Aggros Operations Ltd. WorldStream B.V. ReliableSite.Net LLC Windstream Communications
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnet C2 Case Study free.bot.c2
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnet C2 Case Study 0 5 10 15 20 25 30 35 40 5/14/23 12:00 5/14/23 13:00 5/14/23 14:00 5/14/23 15:00 5/14/23 16:00 5/14/23 17:00 5/14/23 18:00 5/14/23 19:00 5/14/23 20:00 5/14/23 21:00 5/14/23 22:00 5/14/23 23:00 5/15/23 0:00 5/15/23 1:00 5/15/23 2:00 5/15/23 3:00 5/15/23 4:00 5/15/23 5:00 5/15/23 6:00 5/15/23 7:00 5/15/23 8:00 5/15/23 9:00 5/15/23 10:00 5/15/23 11:00 5/15/23 13:00 5/15/23 14:00 5/15/23 15:00 5/15/23 16:00 5/15/23 17:00 5/15/23 18:00 5/15/23 19:00 5/15/23 20:00 5/15/23 21:00 5/15/23 22:00 5/15/23 23:00 5/16/23 0:00 5/16/23 1:00 5/16/23 2:00 5/16/23 3:00 5/16/23 4:00 5/16/23 5:00 5/16/23 6:00 5/16/23 7:00 5/16/23 8:00 5/16/23 9:00 5/16/23 10:00 5/16/23 11:00 5/16/23 12:00 5/16/23 13:00 5/16/23 14:00 5/16/23 15:00 5/16/23 16:00 5/16/23 17:00 5/16/23 18:00 5/16/23 19:00 5/16/23 20:00 5/16/23 21:00 5/16/23 22:00 5/16/23 23:00 5/17/23 0:00 5/17/23 1:00 5/17/23 2:00 5/17/23 3:00 5/17/23 4:00 5/17/23 5:00 5/17/23 6:00 5/17/23 7:00 5/17/23 8:00 5/17/23 9:00 5/17/23 10:00 DDoS Attacks per Hour Orchestrated by C2
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnet C2 Case Study 0 50 100 150 200 250 300 350 China Telecom xTom Hangzhou Alibaba Advertising Co.,Ltd. China Unicom China Mobile Tencent cloud computing China Telecom Guangdong Overland Storage xTom Hong Kong Limited VMISS Plus Provedor De Internet Ltda OVH SAS OVH Hosting Metfone Amazon.com Level 3 Communications Web Lacerda Provedor De Internet Ltda Akamai Technologies DDoS Attacks by Targeted Networks Orchestrated by C2
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnet C2 Case Study
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnet C2 Case Study
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proxy driver takedown
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proxy driver takedown
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proxy driver takedown
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Threat Landscape Per Industry
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. P A R I S O L Y M P I C S 34 Threat Landscape Olympics The Olympics is a known WW target of massive and systemic cyberattacks • London 2012 : 200 million cyberattacks • Rio 2016 : 400 million cyberattacks • Tokyo 2020 : 450 million cyberattacks
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. P A R I S O L Y M P I C S 35 Threat Landscape Olympics We expect eight to 12 times the Tokyo numbers of cyber attacks ” • Mr. Franz Regul • CISO of the Paris Olympic organizing committee I have no doubt whatsoever that Russia would try to target the Paris Olympics “ ” Emmanuel Macron President of France
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. R E T A I L 36 Threat Landscape
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Threat Data
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Last 12 months statistics 212k 842 Gbps 155 M RPS 221 M PPS Total Attacks Largest request flood attack Largest bandwidth heavy attack Largest packet attack
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 39 Infrastructure and Application (HTTP) layer DDoS events application infrastructure 2021 2020 2022 2024 Count of events
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 40 2024 – DDoS events in the numbers Infrastructure DDoS events 360 thousands events detected in 2024 -1.0% YoY decrease Application (HTTP) DDoS events 526 thousands events detected in 2024 52.1% YoY increase 63,000 61,000 136,000 100,000 Q1 Q2 Q3 Q4 Infrastructure Layer DDoS events Quarter Infrastructure DDoS Events 2024 100000 118000 143000 164000 Q1 Q2 Q3 Q4 Application DDoS events Quarter Application (HTTP) DDoS Events 2024
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 0 20,000,000 40,000,000 60,000,000 80,000,000 100,000,000 120,000,000 140,000,000 160,000,000 180,000,000 2023 2022 2021 2020 2019 Request Per Second Year 1.5M rps 41 Largest Request Flood Events, As seen by AWS, by year 2.9M rps 4.3M rps 8.4M rps 155M rps
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 42 Infrastructure Layer DDoS Events in 2024 – Distribution by top vectors 30.6% 25.0% 15.5% 11.0% 7.7% 6.0% 2.7% 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% S Y N _ F L O O D D N S _ R E F L E C T I O N S S D P _ R E F L E C T I O N N T P _ R E F L E C T I O N M E M C A C H E D _ R E F L E C T I O N S N M P _ R E F L E C T I O N G E N E R I C _ U D P _ R E F L E C T I O N Share of all events Event Vectors
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 43 Infrastructure Layer DDoS Events in 2022 vs 2024 – top emerging events 401.3% 349.2% 122.2% 105.7% 91.0% 24.9% 8.8% 0% 50% 100% 150% 200% 250% 300% 350% 400% 450% R I P _ R E F L E C T I O N H T T P _ R E F L E C T I O N R E Q U E S T _ F L O O D D N S _ R E F L E C T I O N U D S _ R E F L E C T I O N G E N E R I C _ U D P _ R E F L E C T I O N N T P _ R E F L E C T I O N
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 44 Quarterly P99 Request per second, by year 0 20,000 40,000 60,000 80,000 100,000 120,000 140,000 160,000 180,000 200,000 Q1 Q2 Q3 Q4 2019 2020 2021 2022 2023 P99 Request per second 19.9% YoY increase
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. DDoS from the Front Row
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Customer responsibility • Design resilient architectures: § Use AWS services with better protection against DDoS attacks § Reduce the attack surface § Build scalable applications • Use application level security controls such as AWS WAF. • Ensure observability and monitor the traffic to understand baseline • Detect anomaly, prepare run book for incident response which involves platform support 46
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Protecting web applications 47 Private subnet Amazon CloudFront Amazon Route 53 AWS WAF AWS Cloud Public subnet ALB AWS Edge Services Region AWS WAF Compute Capacity Amazon S3 VPC Shield Advanced protected resource
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Protecting on-premise applications 48 Private subnet Amazon CloudFront Amazon Route 53 AWS WAF AWS Cloud Public subnet Application Load Balancer AWS Edge Services Region Corporate data center TGW Customer Gateway DX/VPN Internet Compute Capacity Shield Advanced protected resource
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. AWS Shield Advanced Features 49 AWS Shield Advanced Near real-time events visibility and alerting 24/7 Support of AWS Shield Response Team Health-based detection and proactive event response Infrastructure and application protection (L3-7) Application attack detection and automatic mitigation with AWS WAF Cost protection for scaling during an attack Amazon Route53 Amazon CloudFront AWS Global Accelerator Elastic Load Balancing Elastic IP Protected Resources AWS Firewall Manager for Centralized Management AWS WAF for Application protection
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. February 15th, 2022 50 On the 15-16th February a number of Ukrainian websites were taken offline due to Distributed Denial-of- Service (DDoS) attacks. The impacted sites included Banks, Government and Military websites.
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Attack profile 51 • Mirai botnet (actually – forked “Katana” network) • Mikrotiks, Avtech network cameras, etc • Not just DDoS: • Fake SMS messages about ATM issues • A denial of service attack against the .gov.ua DNS servers; and • A BGP hijacking attack against the Privatbank IP space causing difficulties routing traffic to their network.
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Customer ingress architecture 52
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Chronology 53 Feb 15.02 12:00 - attack started (first wave) 18:00 - customer reaches out AWS account team 18:20 - internal escalation inside AWS 19:26 - customer case created 19:46 - AWS war room created 22:00 - WAF configured for mobile endpoint 23:00 - WAF configured for web endpoint Feb 16.02 00:00 - attack peak (first wave) 3:00 - attack stopped (first wave) 10:00 - attack start (second wave) 11:50 - Shield Advanced activated 12:00 - attack stopped (second wave)
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. GA overloaded -> AWS outage in GRU (Brazil) 54
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. 55 Firewall Appliances gave up and started leaking
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. WAF to the rescue 56
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. WAF to the rescue 57 • Block Brazil traffic • Reputation list - block • Core rule set • Rate-limit - 2000 requests
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. WAF to the rescue 58
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. WAF to the rescue 59
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. So, why do we still need Shield Advanced? Shield Advanced enabled 60
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. L3/L4 attacks 61
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Stats 62
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Stats 63 Wave 1: mobile: 1.5Mrps - total blocked 1.266Mrps - rate-limited - most efficient rule 333Krps - county block (Brazil) web: 20Gbps - incoming bandwidth 1.6Mrps - total blocked 1.17Mrps - rate-limited - most efficient rule 333Krps - county block (Brazil) Wave 2: mobile: not affected web: 40Gbps - incoming bandwidth 3.6Mrps - total blocked 2.6Mrps - rate-limited - most efficient rule 666Krps - county block (Brazil)
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. It’s not over yet… 64
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey

Recommended

Best Practices to Mitigate from the Emerging Vectors of Network Attack
Best Practices to Mitigate from the Emerging Vectors of Network AttackBest Practices to Mitigate from the Emerging Vectors of Network Attack
Best Practices to Mitigate from the Emerging Vectors of Network Attack
Amazon Web Services
 
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
Amazon Web Services
 
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Amazon Web Services
 
VPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPCVPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPC
Amazon Web Services
 
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Amazon Web Services
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...
Amazon Web Services
 
Protect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksProtect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced Attacks
Amazon Web Services
 
Protect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
Protect Your Game Servers from DDoS Attacks - AWS Online Tech TalksProtect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
Protect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
Amazon Web Services
 

Recommended

Best Practices to Mitigate from the Emerging Vectors of Network Attack
Best Practices to Mitigate from the Emerging Vectors of Network AttackBest Practices to Mitigate from the Emerging Vectors of Network Attack
Best Practices to Mitigate from the Emerging Vectors of Network Attack
Amazon Web Services
 
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
Amazon Web Services
 
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Amazon Web Services
 
VPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPCVPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPC
Amazon Web Services
 
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Amazon Web Services
 
Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...Continuous security monitoring and threat detection with AWS services - SEC20...
Continuous security monitoring and threat detection with AWS services - SEC20...
Amazon Web Services
 
Protect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksProtect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced Attacks
Amazon Web Services
 
Protect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
Protect Your Game Servers from DDoS Attacks - AWS Online Tech TalksProtect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
Protect Your Game Servers from DDoS Attacks - AWS Online Tech Talks
Amazon Web Services
 
AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
Amazon Web Services
 
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon Web Services
 
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
Amazon Web Services
 
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
Amazon Web Services
 
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyAWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
Vladimir Simek
 
Innovate - Cybersecurity: A Drive Force Behind Cloud Adoption
Innovate - Cybersecurity: A Drive Force Behind Cloud AdoptionInnovate - Cybersecurity: A Drive Force Behind Cloud Adoption
Innovate - Cybersecurity: A Drive Force Behind Cloud Adoption
Amazon Web Services
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
Amazon Web Services
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
Amazon Web Services
 
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Amazon Web Services
 
Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018
Amazon Web Services
 
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWSSecurity & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Amazon Web Services
 
AWS Networking Fundamentals
AWS Networking FundamentalsAWS Networking Fundamentals
AWS Networking Fundamentals
Amazon Web Services
 
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitFundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Amazon Web Services
 
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS SummitPlan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Amazon Web Services
 
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ... SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
Amazon Web Services
 
Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...
RoiElbaz1
 
PlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City Summit
PlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City SummitPlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City Summit
PlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City Summit
Amazon Web Services
 
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesBuilding a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Tom Laszewski
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Amazon Web Services
 
AWS SSA Webinar 11 - Getting started on AWS: Security
AWS SSA Webinar 11 - Getting started on AWS: SecurityAWS SSA Webinar 11 - Getting started on AWS: Security
AWS SSA Webinar 11 - Getting started on AWS: Security
Cobus Bernard
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
"Microservices and multitenancy - how to serve thousands of databases in one ...
"Microservices and multitenancy - how to serve thousands of databases in one ..."Microservices and multitenancy - how to serve thousands of databases in one ...
"Microservices and multitenancy - how to serve thousands of databases in one ...
Fwdays
 

More Related Content

Similar to "Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk

AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
Amazon Web Services
 
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon Web Services
 
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
Amazon Web Services
 
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
Amazon Web Services
 
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyAWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
Vladimir Simek
 
Innovate - Cybersecurity: A Drive Force Behind Cloud Adoption
Innovate - Cybersecurity: A Drive Force Behind Cloud AdoptionInnovate - Cybersecurity: A Drive Force Behind Cloud Adoption
Innovate - Cybersecurity: A Drive Force Behind Cloud Adoption
Amazon Web Services
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
Amazon Web Services
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
Amazon Web Services
 
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Amazon Web Services
 
Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018
Amazon Web Services
 
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWSSecurity & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Amazon Web Services
 
AWS Networking Fundamentals
AWS Networking FundamentalsAWS Networking Fundamentals
AWS Networking Fundamentals
Amazon Web Services
 
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitFundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Amazon Web Services
 
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS SummitPlan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Amazon Web Services
 
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ... SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
Amazon Web Services
 
Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...
RoiElbaz1
 
PlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City Summit
PlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City SummitPlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City Summit
PlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City Summit
Amazon Web Services
 
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesBuilding a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Tom Laszewski
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Amazon Web Services
 
AWS SSA Webinar 11 - Getting started on AWS: Security
AWS SSA Webinar 11 - Getting started on AWS: SecurityAWS SSA Webinar 11 - Getting started on AWS: Security
AWS SSA Webinar 11 - Getting started on AWS: Security
Cobus Bernard
 

Similar to "Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk (20)

AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
 
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
 
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
 
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
A Self-Defending Border - Protect Your Web-Facing Workloads with AWS Security...
 
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyAWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
 
Innovate - Cybersecurity: A Drive Force Behind Cloud Adoption
Innovate - Cybersecurity: A Drive Force Behind Cloud AdoptionInnovate - Cybersecurity: A Drive Force Behind Cloud Adoption
Innovate - Cybersecurity: A Drive Force Behind Cloud Adoption
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
 
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
 
Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018Automating DDos and WAF responses - AWS Summit Cape Town 2018
Automating DDos and WAF responses - AWS Summit Cape Town 2018
 
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWSSecurity & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
 
AWS Networking Fundamentals
AWS Networking FundamentalsAWS Networking Fundamentals
AWS Networking Fundamentals
 
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitFundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
 
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS SummitPlan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
 
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ... SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
 
Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...Edge immersion days module 2 - protect your application at the edge using a...
Edge immersion days module 2 - protect your application at the edge using a...
 
PlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City Summit
PlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City SummitPlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City Summit
PlanificaciĂłn de arquitecturas de red de AWS - MXO211 - Mexico City Summit
 
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesBuilding a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
 
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
Find all the threats: AWS threat detection and mitigation - SEC302 - Santa Cl...
 
AWS SSA Webinar 11 - Getting started on AWS: Security
AWS SSA Webinar 11 - Getting started on AWS: SecurityAWS SSA Webinar 11 - Getting started on AWS: Security
AWS SSA Webinar 11 - Getting started on AWS: Security
 

More from Fwdays

"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
"Microservices and multitenancy - how to serve thousands of databases in one ...
"Microservices and multitenancy - how to serve thousands of databases in one ..."Microservices and multitenancy - how to serve thousands of databases in one ...
"Microservices and multitenancy - how to serve thousands of databases in one ...
Fwdays
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
"Black Monday: The Story of 5.5 Hours of Downtime", Dmytro Dziubenko
"Black Monday: The Story of 5.5 Hours of Downtime", Dmytro Dziubenko"Black Monday: The Story of 5.5 Hours of Downtime", Dmytro Dziubenko
"Black Monday: The Story of 5.5 Hours of Downtime", Dmytro Dziubenko
Fwdays
 
"Reaching 3_000_000 HTTP requests per second — conclusions from participation...
"Reaching 3_000_000 HTTP requests per second — conclusions from participation..."Reaching 3_000_000 HTTP requests per second — conclusions from participation...
"Reaching 3_000_000 HTTP requests per second — conclusions from participation...
Fwdays
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
"What I learned through reverse engineering", Yuri Artiukh
"What I learned through reverse engineering", Yuri Artiukh"What I learned through reverse engineering", Yuri Artiukh
"What I learned through reverse engineering", Yuri Artiukh
Fwdays
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
"Micro frontends: Unbelievably true life story", Dmytro Pavlov
"Micro frontends: Unbelievably true life story", Dmytro Pavlov"Micro frontends: Unbelievably true life story", Dmytro Pavlov
"Micro frontends: Unbelievably true life story", Dmytro Pavlov
Fwdays
 
"Objects validation and comparison using runtime types (io-ts)", Oleksandr Suhak
"Objects validation and comparison using runtime types (io-ts)", Oleksandr Suhak"Objects validation and comparison using runtime types (io-ts)", Oleksandr Suhak
"Objects validation and comparison using runtime types (io-ts)", Oleksandr Suhak
Fwdays
 
"JavaScript. Standard evolution, when nobody cares", Roman Savitskyi
"JavaScript. Standard evolution, when nobody cares", Roman Savitskyi"JavaScript. Standard evolution, when nobody cares", Roman Savitskyi
"JavaScript. Standard evolution, when nobody cares", Roman Savitskyi
Fwdays
 
"How Preply reduced ML model development time from 1 month to 1 day",Yevhen Y...
"How Preply reduced ML model development time from 1 month to 1 day",Yevhen Y..."How Preply reduced ML model development time from 1 month to 1 day",Yevhen Y...
"How Preply reduced ML model development time from 1 month to 1 day",Yevhen Y...
Fwdays
 
"GenAI Apps: Our Journey from Ideas to Production Excellence",Danil Topchii
"GenAI Apps: Our Journey from Ideas to Production Excellence",Danil Topchii"GenAI Apps: Our Journey from Ideas to Production Excellence",Danil Topchii
"GenAI Apps: Our Journey from Ideas to Production Excellence",Danil Topchii
Fwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Fwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
Fwdays
 
"What is a RAG system and how to build it",Dmytro Spodarets
"What is a RAG system and how to build it",Dmytro Spodarets"What is a RAG system and how to build it",Dmytro Spodarets
"What is a RAG system and how to build it",Dmytro Spodarets
Fwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
 

More from Fwdays (20)

"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
"Microservices and multitenancy - how to serve thousands of databases in one ...
"Microservices and multitenancy - how to serve thousands of databases in one ..."Microservices and multitenancy - how to serve thousands of databases in one ...
"Microservices and multitenancy - how to serve thousands of databases in one ...
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
"Black Monday: The Story of 5.5 Hours of Downtime", Dmytro Dziubenko
"Black Monday: The Story of 5.5 Hours of Downtime", Dmytro Dziubenko"Black Monday: The Story of 5.5 Hours of Downtime", Dmytro Dziubenko
"Black Monday: The Story of 5.5 Hours of Downtime", Dmytro Dziubenko
 
"Reaching 3_000_000 HTTP requests per second — conclusions from participation...
"Reaching 3_000_000 HTTP requests per second — conclusions from participation..."Reaching 3_000_000 HTTP requests per second — conclusions from participation...
"Reaching 3_000_000 HTTP requests per second — conclusions from participation...
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
"What I learned through reverse engineering", Yuri Artiukh
"What I learned through reverse engineering", Yuri Artiukh"What I learned through reverse engineering", Yuri Artiukh
"What I learned through reverse engineering", Yuri Artiukh
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
"Micro frontends: Unbelievably true life story", Dmytro Pavlov
"Micro frontends: Unbelievably true life story", Dmytro Pavlov"Micro frontends: Unbelievably true life story", Dmytro Pavlov
"Micro frontends: Unbelievably true life story", Dmytro Pavlov
 
"Objects validation and comparison using runtime types (io-ts)", Oleksandr Suhak
"Objects validation and comparison using runtime types (io-ts)", Oleksandr Suhak"Objects validation and comparison using runtime types (io-ts)", Oleksandr Suhak
"Objects validation and comparison using runtime types (io-ts)", Oleksandr Suhak
 
"JavaScript. Standard evolution, when nobody cares", Roman Savitskyi
"JavaScript. Standard evolution, when nobody cares", Roman Savitskyi"JavaScript. Standard evolution, when nobody cares", Roman Savitskyi
"JavaScript. Standard evolution, when nobody cares", Roman Savitskyi
 
"How Preply reduced ML model development time from 1 month to 1 day",Yevhen Y...
"How Preply reduced ML model development time from 1 month to 1 day",Yevhen Y..."How Preply reduced ML model development time from 1 month to 1 day",Yevhen Y...
"How Preply reduced ML model development time from 1 month to 1 day",Yevhen Y...
 
"GenAI Apps: Our Journey from Ideas to Production Excellence",Danil Topchii
"GenAI Apps: Our Journey from Ideas to Production Excellence",Danil Topchii"GenAI Apps: Our Journey from Ideas to Production Excellence",Danil Topchii
"GenAI Apps: Our Journey from Ideas to Production Excellence",Danil Topchii
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"What is a RAG system and how to build it",Dmytro Spodarets
"What is a RAG system and how to build it",Dmytro Spodarets"What is a RAG system and how to build it",Dmytro Spodarets
"What is a RAG system and how to build it",Dmytro Spodarets
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

Recently uploaded

Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE RolesWhat is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
UmmeSalmaM1
 
Cyber Recovery Wargame
Cyber Recovery WargameCyber Recovery Wargame
Cyber Recovery Wargame
Databarracks
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
manji sharman06
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
ScyllaDB
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
HarpalGohil4
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
ScyllaDB
 
An All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS MarketAn All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS Market
ScyllaDB
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
ScyllaDB
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 

Recently uploaded (20)

Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE RolesWhat is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
 
Cyber Recovery Wargame
Cyber Recovery WargameCyber Recovery Wargame
Cyber Recovery Wargame
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
 
An All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS MarketAn All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS Market
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 

"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk

  • 1. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 2. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. How we approach DDoS threat research Threat landscape in 2024 Customer case study: Ukraine, 2022 Agenda
  • 3. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. DDoS threat research Protect Amazon infrastructure and customers, making AWS an unattractive target for cyber threats © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 4. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Our approach Analyze inbound and outbound internet traffic Convert research into actionable threat intelligence for our customers Disrupt the capability of unauthorized users to repeatedly and easily target us
  • 5. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Leverage AWS’s reach and scale to detect threats 600+ points of presence (POP) across 100+ cities in 50 countries Exabytes of data analyzed every 60 sec. Thousands of DDoS attacks mitigated every day 100+ billion AWS-managed rules requests processed per day
  • 6. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 0 20,000 40,000 60,000 80,000 100,000 120,000 9/1/22 10/1/22 11/1/22 12/1/22 1/1/23 2/1/23 3/1/23 4/1/23 5/1/23 6/1/23 7/1/23 8/1/23 DDoS Events Month AWS Shield DDoS events detected per month DDoS isn’t going away 56% Application layer 40% YoY growth
  • 7. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. From video games to critical public infrastructure
  • 8. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proxy-based L7 DDoS attacks Proxy Proxy driver Target
  • 9. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnets Command & control Bots
  • 10. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tracking DDoS infrastructure
  • 11. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Known offenders © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 12. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Known offenders 1.2.3.4 2.3.4.5 3.4.5.6 4.5.6.7 AnyAuthority ELB AnyCompany NLB AnyOrganization CloudFront Distribution
  • 13. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Known offenders 1.2.3.4 2.3.4.5 3.4.5.6 4.5.6.7 AnyAuthority ELB AnyCompany NLB AnyOrganization CloudFront Distribution
  • 14. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tracking known offenders
  • 15. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Available as a Managed Rule for AWS WAF Amazon CloudFront AWSManagedIPReputationList Elastic Load Balancing (ELB) Amazon API Gateway
  • 16. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Internal success stories Amazon CloudFront AWS Management Console Amazon.com
  • 17. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shield automatic mitigation AWS Shield detects attack AWS Shield deploys L7KO AWS Shield analyzes traffic AWS Shield deploys attack signature
  • 18. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. MadPot
  • 19. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Global-scale threat intelligence using the AWS Cloud 10k+ sensors deployed globally Observes 100M+ potential threat interactions daily 500,000activities classified as malicious daily
  • 20. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. MadPot (Honeypot) network Amazon GuardDuty AWS Shield AWS WAF Internet MadPot
  • 21. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. We are making a difference https://www.theregister.com/2023/ 10/02/aws_security_madpot/ AWS stirs the MadPot – busting bot baddies and eastern espionage Security exec Mark Ryland spills the tea on hush-hush threat intel tool
  • 22. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Takedown © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 23. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proxy-based L7 DDoS Attacks Proxy driver Target 🍯 Proxy honeypot
  • 24. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Top talking networks by proxy drivers Linode Hetzner Online Digital Ocean FranTech Solutions SoftLayer Technologies Interserver Psychz Networks Scaleway Dedioutlet- network-phx DediPath myLoc manage d IT AG Akamai Connect ed Cloud Edgevirt Choopa, LLC Kamater a Inc Hetzner Online GmbH Aggros Operati ons… Worl dStre am… Relia bleSit e.N… Wind str… Ad… Re… AE… Or… H… M… A… V… RW -… O… C… R… D… T… M… L… C… L… Pe b… i… D… L… I… 1… M… N… D… S… C… 1… W… D… U… R C Z A Y T S C E P I A H D H C C C S C A P S u T U H S T C A S C N 3 B C T C D Linode Hetzner Online Digital Ocean FranTech Solutions SoftLayer Technologies Interserver Psychz Networks Scaleway Dedioutlet-network-phx DediPath myLoc managed IT AG Akamai Connected Cloud Edgevirt Choopa, LLC Kamatera Inc Hetzner Online GmbH Aggros Operations Ltd. WorldStream B.V. ReliableSite.Net LLC Windstream Communications
  • 25. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnet C2 Case Study free.bot.c2
  • 26. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnet C2 Case Study 0 5 10 15 20 25 30 35 40 5/14/23 12:00 5/14/23 13:00 5/14/23 14:00 5/14/23 15:00 5/14/23 16:00 5/14/23 17:00 5/14/23 18:00 5/14/23 19:00 5/14/23 20:00 5/14/23 21:00 5/14/23 22:00 5/14/23 23:00 5/15/23 0:00 5/15/23 1:00 5/15/23 2:00 5/15/23 3:00 5/15/23 4:00 5/15/23 5:00 5/15/23 6:00 5/15/23 7:00 5/15/23 8:00 5/15/23 9:00 5/15/23 10:00 5/15/23 11:00 5/15/23 13:00 5/15/23 14:00 5/15/23 15:00 5/15/23 16:00 5/15/23 17:00 5/15/23 18:00 5/15/23 19:00 5/15/23 20:00 5/15/23 21:00 5/15/23 22:00 5/15/23 23:00 5/16/23 0:00 5/16/23 1:00 5/16/23 2:00 5/16/23 3:00 5/16/23 4:00 5/16/23 5:00 5/16/23 6:00 5/16/23 7:00 5/16/23 8:00 5/16/23 9:00 5/16/23 10:00 5/16/23 11:00 5/16/23 12:00 5/16/23 13:00 5/16/23 14:00 5/16/23 15:00 5/16/23 16:00 5/16/23 17:00 5/16/23 18:00 5/16/23 19:00 5/16/23 20:00 5/16/23 21:00 5/16/23 22:00 5/16/23 23:00 5/17/23 0:00 5/17/23 1:00 5/17/23 2:00 5/17/23 3:00 5/17/23 4:00 5/17/23 5:00 5/17/23 6:00 5/17/23 7:00 5/17/23 8:00 5/17/23 9:00 5/17/23 10:00 DDoS Attacks per Hour Orchestrated by C2
  • 27. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnet C2 Case Study 0 50 100 150 200 250 300 350 China Telecom xTom Hangzhou Alibaba Advertising Co.,Ltd. China Unicom China Mobile Tencent cloud computing China Telecom Guangdong Overland Storage xTom Hong Kong Limited VMISS Plus Provedor De Internet Ltda OVH SAS OVH Hosting Metfone Amazon.com Level 3 Communications Web Lacerda Provedor De Internet Ltda Akamai Technologies DDoS Attacks by Targeted Networks Orchestrated by C2
  • 28. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnet C2 Case Study
  • 29. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Botnet C2 Case Study
  • 30. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proxy driver takedown
  • 31. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proxy driver takedown
  • 32. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proxy driver takedown
  • 33. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Threat Landscape Per Industry
  • 34. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. P A R I S O L Y M P I C S 34 Threat Landscape Olympics The Olympics is a known WW target of massive and systemic cyberattacks • London 2012 : 200 million cyberattacks • Rio 2016 : 400 million cyberattacks • Tokyo 2020 : 450 million cyberattacks
  • 35. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. P A R I S O L Y M P I C S 35 Threat Landscape Olympics We expect eight to 12 times the Tokyo numbers of cyber attacks ” • Mr. Franz Regul • CISO of the Paris Olympic organizing committee I have no doubt whatsoever that Russia would try to target the Paris Olympics “ ” Emmanuel Macron President of France
  • 36. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. R E T A I L 36 Threat Landscape
  • 37. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Threat Data
  • 38. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Last 12 months statistics 212k 842 Gbps 155 M RPS 221 M PPS Total Attacks Largest request flood attack Largest bandwidth heavy attack Largest packet attack
  • 39. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 39 Infrastructure and Application (HTTP) layer DDoS events application infrastructure 2021 2020 2022 2024 Count of events
  • 40. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 40 2024 – DDoS events in the numbers Infrastructure DDoS events 360 thousands events detected in 2024 -1.0% YoY decrease Application (HTTP) DDoS events 526 thousands events detected in 2024 52.1% YoY increase 63,000 61,000 136,000 100,000 Q1 Q2 Q3 Q4 Infrastructure Layer DDoS events Quarter Infrastructure DDoS Events 2024 100000 118000 143000 164000 Q1 Q2 Q3 Q4 Application DDoS events Quarter Application (HTTP) DDoS Events 2024
  • 41. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 0 20,000,000 40,000,000 60,000,000 80,000,000 100,000,000 120,000,000 140,000,000 160,000,000 180,000,000 2023 2022 2021 2020 2019 Request Per Second Year 1.5M rps 41 Largest Request Flood Events, As seen by AWS, by year 2.9M rps 4.3M rps 8.4M rps 155M rps
  • 42. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 42 Infrastructure Layer DDoS Events in 2024 – Distribution by top vectors 30.6% 25.0% 15.5% 11.0% 7.7% 6.0% 2.7% 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% S Y N _ F L O O D D N S _ R E F L E C T I O N S S D P _ R E F L E C T I O N N T P _ R E F L E C T I O N M E M C A C H E D _ R E F L E C T I O N S N M P _ R E F L E C T I O N G E N E R I C _ U D P _ R E F L E C T I O N Share of all events Event Vectors
  • 43. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 43 Infrastructure Layer DDoS Events in 2022 vs 2024 – top emerging events 401.3% 349.2% 122.2% 105.7% 91.0% 24.9% 8.8% 0% 50% 100% 150% 200% 250% 300% 350% 400% 450% R I P _ R E F L E C T I O N H T T P _ R E F L E C T I O N R E Q U E S T _ F L O O D D N S _ R E F L E C T I O N U D S _ R E F L E C T I O N G E N E R I C _ U D P _ R E F L E C T I O N N T P _ R E F L E C T I O N
  • 44. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 44 Quarterly P99 Request per second, by year 0 20,000 40,000 60,000 80,000 100,000 120,000 140,000 160,000 180,000 200,000 Q1 Q2 Q3 Q4 2019 2020 2021 2022 2023 P99 Request per second 19.9% YoY increase
  • 45. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. DDoS from the Front Row
  • 46. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Customer responsibility • Design resilient architectures: § Use AWS services with better protection against DDoS attacks § Reduce the attack surface § Build scalable applications • Use application level security controls such as AWS WAF. • Ensure observability and monitor the traffic to understand baseline • Detect anomaly, prepare run book for incident response which involves platform support 46
  • 47. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Protecting web applications 47 Private subnet Amazon CloudFront Amazon Route 53 AWS WAF AWS Cloud Public subnet ALB AWS Edge Services Region AWS WAF Compute Capacity Amazon S3 VPC Shield Advanced protected resource
  • 48. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Protecting on-premise applications 48 Private subnet Amazon CloudFront Amazon Route 53 AWS WAF AWS Cloud Public subnet Application Load Balancer AWS Edge Services Region Corporate data center TGW Customer Gateway DX/VPN Internet Compute Capacity Shield Advanced protected resource
  • 49. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. AWS Shield Advanced Features 49 AWS Shield Advanced Near real-time events visibility and alerting 24/7 Support of AWS Shield Response Team Health-based detection and proactive event response Infrastructure and application protection (L3-7) Application attack detection and automatic mitigation with AWS WAF Cost protection for scaling during an attack Amazon Route53 Amazon CloudFront AWS Global Accelerator Elastic Load Balancing Elastic IP Protected Resources AWS Firewall Manager for Centralized Management AWS WAF for Application protection
  • 50. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. February 15th, 2022 50 On the 15-16th February a number of Ukrainian websites were taken offline due to Distributed Denial-of- Service (DDoS) attacks. The impacted sites included Banks, Government and Military websites.
  • 51. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Attack profile 51 • Mirai botnet (actually – forked “Katana” network) • Mikrotiks, Avtech network cameras, etc • Not just DDoS: • Fake SMS messages about ATM issues • A denial of service attack against the .gov.ua DNS servers; and • A BGP hijacking attack against the Privatbank IP space causing difficulties routing traffic to their network.
  • 52. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Customer ingress architecture 52
  • 53. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Chronology 53 Feb 15.02 12:00 - attack started (first wave) 18:00 - customer reaches out AWS account team 18:20 - internal escalation inside AWS 19:26 - customer case created 19:46 - AWS war room created 22:00 - WAF configured for mobile endpoint 23:00 - WAF configured for web endpoint Feb 16.02 00:00 - attack peak (first wave) 3:00 - attack stopped (first wave) 10:00 - attack start (second wave) 11:50 - Shield Advanced activated 12:00 - attack stopped (second wave)
  • 54. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. GA overloaded -> AWS outage in GRU (Brazil) 54
  • 55. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. 55 Firewall Appliances gave up and started leaking
  • 56. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. WAF to the rescue 56
  • 57. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. WAF to the rescue 57 • Block Brazil traffic • Reputation list - block • Core rule set • Rate-limit - 2000 requests
  • 58. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. WAF to the rescue 58
  • 59. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. WAF to the rescue 59
  • 60. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. So, why do we still need Shield Advanced? Shield Advanced enabled 60
  • 61. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. L3/L4 attacks 61
  • 62. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Stats 62
  • 63. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Stats 63 Wave 1: mobile: 1.5Mrps - total blocked 1.266Mrps - rate-limited - most efficient rule 333Krps - county block (Brazil) web: 20Gbps - incoming bandwidth 1.6Mrps - total blocked 1.17Mrps - rate-limited - most efficient rule 333Krps - county block (Brazil) Wave 2: mobile: not affected web: 40Gbps - incoming bandwidth 3.6Mrps - total blocked 2.6Mrps - rate-limited - most efficient rule 666Krps - county block (Brazil)
  • 64. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. It’s not over yet… 64
  • 65. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey