DDoS Attack Threats | Storm Network Stress Tester | Akamai Presentation

Published on June 2016 | Categories: Types, Presentations

http://bit.ly/1tBd6Fd | The Storm Network Stress Tester DDoS crimeware toolkit targets Windows XP (or higher) operating systems, infecting computers with malicious software that turns them into attacker-controlled, obedient zombies. Once a computer is infected, malicious actors can manipulate it remotely, allowing an almost unlimited variety of abuse. Find out more about this DDoS threat in the full Prolexic Storm Network Stress Tester Threat Advisory.

Storm Network Stress Tester: Security Threat
Highlights from a Prolexic DDoS Threat Advisory
©2014 AKAMAI | FASTER FORWARD™
What is Storm Network Stress Tester?
• Storm is an Asian crimeware kit designed for the creation of botnets for DDoS attacks
• Malicious actors use Storm to generate an executable payload
  • Users on other computers are then tricked into downloading and running the executable
• Once executed on a Windows XP (or higher) machine, Storm establishes remote administration (RAT) capabilities
• Attackers can then command infected computers to execute a DDoS attack against a target
Remote Administration (RAT)
• Once installed, Storm exposes RAT capabilities
• Attackers can:
  • Perform directory traversal
  • Upload and download files
  • Remotely execute commands
  • Activate DDoS attack capabilities
• These versatile capabilities allow for almost any form of cybercrime, including the extraction of sensitive personal data and the infection of other machines

DDoS Capabilities
• Storm supports up to four simultaneous DDoS attack types
• UDP, TCP, and ICMP attacks are all supported
• A single infected machine, using only a single attack type, was able to generate up to 12 Mbps of DDoS traffic
• Potential for massive attacks by exploiting a large number of infected hosts

Infection Targets
• Storm targets Microsoft Windows operating systems (XP and later)
• Execution of Storm payloads on Vista and later operating systems requires disabling User Account Control (UAC); XP lacks this feature
• However, sophisticated attackers have bypassed this limitation to increase the rate of infection
• Storm infection is still a threat to later operating systems
• Infection rates are likely to be much higher on XP

The Chinese Connection
• The program contains multiple references to China in the code and filenames
  • e.g. “Windows China Driver”
• Windows XP is the dominant operating system in China: 60% of desktop computers use XP
• Storm appears to be designed to infect victims running XP operating systems in China
• A massive demographic of potential zombies means serious potential for large, orchestrated DDoS attacks against targets worldwide
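The deck cites one string found in the kit's code and filenames, “Windows China Driver”, and the advisory it summarizes lists identifying strings in the binary as an indicator of infection. The following is an added example (not code from the advisory, from Prolexic or from Akamai) of how a defender can sweep a file for such indicator strings. It searches for each indicator in both its ASCII and its UTF-16LE encoding, because Windows binaries commonly store strings as UTF-16LE and a plain ASCII search would miss those. The indicator list holds only the string quoted on this page plus an obviously labelled placeholder, and the sample blob is constructed for the demonstration; it is not a real Storm sample.

```python
"""Scan a binary for indicator strings in both ASCII and UTF-16LE.

Added example for this page, not code from the threat advisory or from
Akamai/Prolexic. Windows executables often store user-visible strings as
UTF-16LE, so searching only the ASCII form can miss an indicator; this helper
searches both encodings and reports every hit with its byte offset.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import Path

# The one string the deck cites from the kit's code and filenames. Any further
# entries would come from the full advisory; the second entry is an obviously
# constructed placeholder, not a real Storm indicator.
INDICATOR_STRINGS = [
    "Windows China Driver",
    "PLACEHOLDER-INDICATOR-FROM-ADVISORY",
]


@dataclass(frozen=True)
class Hit:
    indicator: str
    encoding: str   # "ascii" or "utf-16-le"
    offset: int     # byte offset of the match within the scanned data


def scan_bytes(data: bytes, indicators=INDICATOR_STRINGS) -> list[Hit]:
    """Return every occurrence of each indicator in either encoding, by offset."""
    hits: list[Hit] = []
    for ind in indicators:
        for enc in ("ascii", "utf-16-le"):
            needle = ind.encode(enc)
            start = 0
            while True:
                pos = data.find(needle, start)
                if pos < 0:
                    break
                hits.append(Hit(ind, enc, pos))
                start = pos + 1  # keep scanning past this match
    return sorted(hits, key=lambda h: h.offset)


def scan_file(path: str | Path, indicators=INDICATOR_STRINGS) -> list[Hit]:
    """Convenience wrapper: read a file fully and scan it."""
    return scan_bytes(Path(path).read_bytes(), indicators)


# Constructed sample "binary": filler bytes around one ASCII copy (offset 64)
# and one UTF-16LE copy (offset 117) of the cited string. Not a real sample.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"Windows China Driver\x00"
    + b"\x13\x37" * 16
    + "Windows China Driver".encode("utf-16-le") + b"\x00\x00"
    + b"\xff" * 8
)

if __name__ == "__main__":
    for h in scan_bytes(SAMPLE_BLOB):
        print(f"{h.indicator!r} as {h.encoding} at offset 0x{h.offset:x}")
```

Running the block against the constructed blob reports the ASCII copy at offset 0x40 and the UTF-16LE copy at offset 0x75. Against a real suspect file, `scan_file(path)` does the same; a process-name watchlist, the other host-side indicator the advisory mentions, is a plain string comparison and needs no extra machinery.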

Command Structure
• Storm follows a client-server architecture
• Payloads are sent out from a command-and-control (C2) server
• Infected hosts connect back to C2 and wait for commands
• The C2 can then manipulate the zombies through RAT commands and order DDoS attacks

If you are a target of a Storm Attack
• Attackers can easily use tools like Storm to set up and control botnets for DDoS attacks
• The Storm Network Stress Tester Threat Advisory by the Prolexic Security Engineering and Research Team (PLXsert) explains how to mitigate Storm DDoS attacks, including:
  • Attack signatures for Storm TCP, UDP, and ICMP attacks
  • Identifying strings in the binary and process names
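The advisory's actual attack signatures are not reproduced in this deck, so the following added example (not Akamai or Prolexic code) shows only the generic, rate-based triage a defender would run over flow records before applying kit-specific signatures. It groups traffic per target and protocol (TCP, UDP, ICMP) within a time window, checks the packet rate and the number of distinct sources, and reports the busiest single source so its rate can be compared with the 12 Mbps per infected machine quoted earlier. The flow-line format, the thresholds and the sample records are all assumptions constructed for the example.

```python
"""Rate-based flood triage over flow records, grouped by target and protocol.

Added example for this page; not the signature set from the Prolexic advisory
(which the deck does not reproduce) and not Akamai code. The line format,
thresholds and sample records below are all constructed for the demonstration.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds for the example, not values from the advisory.
WINDOW_SECONDS = 10          # length of the time window examined
PPS_THRESHOLD = 1_000        # packets/sec toward one target on one protocol
MIN_DISTINCT_SOURCES = 3     # fewer than this looks like one noisy host, not a botnet


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch seconds
    src: str
    dst: str
    proto: str       # "TCP", "UDP" or "ICMP"
    packets: int
    nbytes: int


@dataclass(frozen=True)
class Verdict:
    dst: str
    proto: str
    pps: float              # packets/sec toward dst on proto in the window
    mbps: float             # megabits/sec toward dst on proto in the window
    sources: int            # distinct source addresses seen
    top_source: str         # source that sent the most bytes
    top_source_mbps: float  # that source's own rate, for comparison with per-host figures


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow line: '<ts> <src> <dst> <proto> <pkts> <bytes>'."""
    ts, src, dst, proto, pkts, nbytes = line.split()
    return Flow(int(ts), src, dst, proto.upper(), int(pkts), int(nbytes))


def triage(lines, window: int = WINDOW_SECONDS) -> list[Verdict]:
    """Flag (target, protocol) pairs whose rate and source spread exceed the thresholds."""
    flows = [parse_flow(ln) for ln in lines if ln.strip()]
    if not flows:
        return []
    t0 = min(f.ts for f in flows)
    in_window = [f for f in flows if f.ts < t0 + window]

    pkts: dict[tuple[str, str], int] = defaultdict(int)
    byts: dict[tuple[str, str], int] = defaultdict(int)
    per_src: dict[tuple[str, str], dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for f in in_window:
        key = (f.dst, f.proto)
        pkts[key] += f.packets
        byts[key] += f.nbytes
        per_src[key][f.src] += f.nbytes

    verdicts = []
    for key, count in pkts.items():
        pps = count / window
        srcs = per_src[key]
        if pps >= PPS_THRESHOLD and len(srcs) >= MIN_DISTINCT_SOURCES:
            top, top_bytes = max(srcs.items(), key=lambda kv: kv[1])
            verdicts.append(Verdict(
                dst=key[0], proto=key[1], pps=pps,
                mbps=byts[key] * 8 / window / 1e6,
                sources=len(srcs), top_source=top,
                top_source_mbps=top_bytes * 8 / window / 1e6,
            ))
    return sorted(verdicts, key=lambda v: v.pps, reverse=True)


# Constructed sample records (documentation address ranges, not real hosts):
# five sources flood 203.0.113.10 over UDP, one of them at a 12 Mbps per-host
# rate; the ICMP trickle, the single-source TCP burst and the benign TCP flow
# stay below the thresholds; the last line falls outside the 10-second window.
SAMPLE_FLOWS = [
    "1000 198.51.100.1 203.0.113.10 UDP 6000 9000000",
    "1001 198.51.100.2 203.0.113.10 UDP 6000 9000000",
    "1002 198.51.100.3 203.0.113.10 UDP 6000 9000000",
    "1003 198.51.100.4 203.0.113.10 UDP 8000 15000000",
    "1004 198.51.100.5 203.0.113.10 UDP 6000 9000000",
    "1000 198.51.100.1 203.0.113.10 ICMP 200 16000",
    "1005 192.0.2.7 203.0.113.10 TCP 12000 720000",
    "1006 198.51.100.9 203.0.113.20 TCP 50 4000",
    "1012 198.51.100.1 203.0.113.10 UDP 6000 9000000",
]

if __name__ == "__main__":
    for v in triage(SAMPLE_FLOWS):
        print(f"{v.proto} flood toward {v.dst}: {v.pps:.0f} pps, {v.mbps:.1f} Mbps "
              f"from {v.sources} sources; top source {v.top_source} at {v.top_source_mbps:.1f} Mbps")
```

On the sample records the only verdict is the UDP flood toward 203.0.113.10: 3200 pps and 40.8 Mbps from five sources, with 198.51.100.4 alone at 12 Mbps. The single-source TCP burst exceeds the packet-rate threshold but not the source-spread check, which is the point of that check: one noisy host is a different problem from a botnet. Source counts are only a weak signal for UDP and ICMP floods, where source addresses are trivially spoofed, so treat the distinct-source heuristic as triage, not as proof of how many infected hosts are involved.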

Threat Advisory: Storm DDoS toolkit
• Download the threat advisory, Storm Network Stress Tester, at www.prolexic.com/storm
• This DDoS threat advisory includes:
  • Indicators of infection by the Storm kit
  • Architecture of the crimeware kit
  • Dropper payload generation and infection
  • Fortification methods
  • Command structure
  • DDoS attack types, payloads and attack signatures

About Prolexic (now part of Akamai)
• We have successfully stopped DDoS attacks for more than a decade
• Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers
