绿盟 2015全年DDoS威胁报告

m o c . 5 h t i g b u © 2016 绿盟科技关于中国电信云堤 2008 年以来，中国电信开始着力于网络 DDoS 攻击防护能力建设，已形成了覆盖国内 31 省和亚太、欧洲、北美等主要 POP 点的一体化攻击防御能力。2014 年，中国电信首次在业界系统性提出电信级网络集约化安全能力开放平台框架，并将“云堤”作为对外服务的统一品牌。 m o 几年来，中国电信云堤一方面致力于高效、可靠、精确、可开放的 DDoS 攻击防护能力建设，同时，面向政企客户提供运营商级 DDoS 攻击防护服务。目前已涵盖互联网、金融、能源制造、政府机构等各个行业。 b u c . 5 h t i g 关于绿盟科技北京神州绿盟信息安全科技股份有限公司（简称绿盟科技）成立于 2000 年 4 月，总部位于北京。在国内外设有 30 多个分支机构，为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户，提供具有核心竞争力的安全产品及解决方案，帮助客户实现业务的安全顺畅运行。基于多年的安全攻防研究，绿盟科技在网络及终端安全、互联网基础安全、合规及安全管理等领域，为客户提供入侵检测 / 防护、抗拒绝服务攻击、远程安全评估以及 Web 安全防护等产品以及专业安全服务。北京神州绿盟信息安全科技股份有限公司于 2014 年 1 月 29 日起在深圳证券交易所创业板上市交易。股票简称：绿盟科技股票代码：300369 目录 DDoS 攻击态势趋于多变 ····································································································· 1 观点 1 1T 超大流量攻击令人警醒 ······················································································································ 2 观点 2 攻击在多维度呈现两极分化···················································································································· 4 观点 3 受控攻击溯源多来自中俄美···················································································································· 6 观点 4 BOTNET DDoS 温床危害巨大··········································································································· 11 DDoS 攻击事件追逐利益 ···································································································17 事件 1 竞争优势：Carphone Warehouse 240 万用户数据被窃 ···················································· 18 事件 2 实施报复：Lizard Squad 对抗 NCA······························································································ 18 事件 3 追求名利：英国 19 岁青年拿下 FBI“圣杯” ············································································ 18 事件 4 敲诈勒索：某游戏公司被收保护费 1888 元················································································ 19 事件 5 未知利益：世界互联网大会期间浙江某网站抵御攻击 ··························································· 19 c . 5 DDoS 事件的警醒及展望 ········································································································································ 20 b u DDoS 攻击手段考虑 ROI ···································································································23 观点 5 新的协议利用形式网络服务 ··········································································································· 24 观点 6 新的目标设备移动终端 ···················································································································· 25 观点 7 新的攻击方法延时攻击 ···················································································································· 25 观点 8 新的攻击工具 DDoS 木马 ··············································································································· 26 h t i g DDoS 防护走向生态化 ·······································································································29 治理运营商治理大流量········································································································································ 30 治理互联网公司阻断 DDoS 攻击工具传播 ································································································ 32 缓解网络安全公司强化 DDoS 攻防技术 ····································································································· 32 缓解用户加固特定业务········································································································································ 35 生态 DDoS 防护生态环境 ·································································································································· 38 结束语····································································································································39 作 m o 者 ············································································································································································· 39 DDoS 威胁报告 ··························································································································································· 39 内容提要纵观 2015 全年 DDoS 威胁态势， DDoS 攻击峰值流量不断上升，甚至出现了 1T 超大流量攻击事件，全年的攻击总流量接近 28 万 Tbytes，大流量乃至超大流量攻击更易于在运营商层面发现及治理。同时攻击形式发生改变，具有多维度两极分化的特性，从而远离大众的视野，更具隐蔽性。为了探究这些转变，报告呈现及分析多个较为典型的 DDoS 攻击事件，以便从中分析和了解攻击者们所追逐的利益。正是由于这些利益的驱使，攻击者们同样有自己的“老板”，也需要考虑攻击的投资回报率 ROI，攻击者发起攻击的几率大小，一方面取决于其所追逐的利益，另一方面更取决于防守方面临攻击所采取的态度和能力，当收益对比风险的天平倾斜时，攻击者就敢于发动进攻。面对如此恶劣的 DDoS 攻击态势，为