2021 年第一季 DDoS 攻擊趨勢
Cloudflare 在上週舉辦了開發人員週,我們的團隊紛紛發佈了酷炫的新產品,其中包括一系列對 Workers 的增強。不僅是客戶喜愛使用 Workers 部署應用程式,我們的工程團隊也不例外。Workers 還是我們在 Cloudflare Radar 上發佈的網際網路流量與攻擊趨勢的驅動力量。今天,與這篇深度解析部落格貼文一同面世的還有全新的 Radar DDoS Report 頁面,這是我們在 Jupyter、Clickhouse 和 Workers 基礎上打造的第一個全面自動化資料筆記本。
上個月,我們推出了自發邊緣 DDoS (分散式阻斷服務) 保護系統,也闡釋了這如何做到既能迅速封鎖攻擊又不影響效能。該系統執行於我們網路的邊緣,異步分析流量以免影響效能,並在偵測到攻擊時立即推送內嵌的緩解規則。一切都自發完成,無需集中共識的介入。
今天,我們將分享最新的 DDoS 洞察和趨勢,這源自於我們系統在 2021 年第一季所緩解的攻擊。在分析攻擊時,我們會計算「DDoS 活動」比率,即攻擊流量占總流量 (攻擊 + 乾淨) 的百分比。這樣,我們能夠規範化資料點,並避免出現偏頗,例如,偏向於看到更多流量 (因而發現更多攻擊) 的資料中心。
重點
應用程式層 DDoS 攻擊
- 2021 年第一季,HTTP 攻擊流量百分比最高的國家是中國。位居其後的是美國、馬來西亞和印度。
- 第一季遭受攻擊最多的是電訊產業,其次是消費者服務、安全與調查、網際網路以及加密貨幣。
- 遭受攻擊最多的網際網路設備來自中國、美國和摩洛哥的公司。
網路層 DDoS 攻擊
- 在 Cloudflare 網路上,我們位於盧安達、中國和汶萊的資料中心中觀察到了最高的 DDoS 活動。
- 第一季的所有攻擊中將近 44% 發生在 1 月份。
- 主要新型威脅包括針對 Jenkins 和 TeamSpeak3 伺服器的攻擊,與前一季相比分別增長了 940% 和 203%。
- 其他新型威脅包括 QUIC 版本協商封包洪水,或許意在破壞 Cloudflare 的基礎結構。
應用程式層 DDoS 攻擊
應用程式層 DDoS 攻擊或 HTTP DDoS 攻擊旨在透過使 HTTP 伺服器無法處理請求來摧毀 HTTP 伺服器。如果伺服器受到數量超出其處理能力的請求轟炸,該伺服器會丟棄合法的請求,甚至會崩潰。
DDoS 攻擊活動產業分佈
如果按照客戶所屬市場產業對 DDoS 活動進行細分,可以發現電訊是第一季遭受攻擊最多的產業。與 2020 年第四季排名第六相比,這一次飛躍了一大步。其次是消費者服務產業,安全與調查產業則排名第三。
DDoS 活動來源國家/地區分佈
與網路層攻擊不同,HTTP 攻擊中不能假冒來源 IP。必須要建立連線。透過查詢用戶端來源 IP 的位置,就能確定其來源國家/地區。如果某一國家/地區中 DDoS 活動比率較高,這表示有大型機器人網路在這個國家/地區運作。2020 年第四季和 2021 年第一季,中國均位居榜首,美國則緊隨其後。
DDoS 活動目標國家/地區分佈
為確定哪些國家/地區遭受攻擊最多,我們按客戶的帳單國家/地區細分了 DDoS 活動。與攻擊來源細分類似,中國和美國分別排名第一和第二。有趣的是,印度在上一季將中國從第一位擠下,原因或許是印度大選同樣也在 2020 年第四季舉行。
勒索攻擊
如大家所見,我們的非 Enterprise 方案客戶是 DDoS 攻擊的最大目標。然而,不僅是攻擊的數量較高,這些客戶還報告了最高數量的 DDoS 勒索攻擊 (RDDoS)。2021 年第一季,遭受 DDoS 攻擊的被調查 Cloudflare 客戶中有 13% 報告稱他們要麼被 RDDoS 攻擊勒索,要麼提前收到了威脅。在這些客戶當中,62% 是 Pro 方案客戶,33% 是 Business 方案客戶。這是 2020 年第四季起趨勢的延續,當時被勒索客戶的數量為 17%,其中包括自稱 Lazarus Group 的團夥攻擊了一家財富 500 強公司,這家公司被我們吸納到保護範圍之中。
網路層 DDoS 攻擊
應用程式層攻擊的目標是執行終端使用者嘗試存取的服務的應用程式 (OSI 模型的第 7 層),網路層攻擊則以暴露的網路基礎結構 (例如,嵌入式路由器和其他網路伺服器) 和網際網路連結本身為目標。
攻擊數量
從月份來看,1 月是第一季中攻擊者最忙碌的月份,占該季度觀察到的攻擊總數的 42%。位列其後的是 3 月 (34.2%) 和 2 月 (23.8%)。
不過,我們確實發現第一季最大攻擊的峰值 (300-400 Gbps) 發生在 2 月。
攻擊規模
衡量第 3/4 層 DDoS 攻擊規模有多種不同的方法。一種方法是測量傳送的流量大小,以位元速率為單位 (即,每秒千兆位元)。另一種是測量傳送的封包數,以封包速率為單位 (即,每秒封包數)。高位元速率的攻擊會嘗試使網際網路連結飽和,而高封包速率的攻擊則會使路由器或其他嵌入式硬體裝置不堪負荷。
2021 年第一季觀察到的第 3/4 Continue reading
A Full Circle Journey: Introducing Cloudflare Canada
Pour voir cette publication en français, veuillez cliquer ici.
Today Cloudflare announced that Toronto will be home to Cloudflare’s first Canadian office and team. While I currently live in San Francisco, I was born and raised in Saskatchewan. As a proud Canadian, today feels like a homecoming. Canada has always been an important part of our history and customer base, and I am thrilled to see Cloudflare make a further commitment of expanding officially in the country and opening an office in Toronto. We are hiring a team locally to help our current customers and future customers, and to support even more great Canadian organizations. I wanted to share more about how Cloudflare works with Canadian businesses, what today’s announcement means, and some personal reflections.
How Cloudflare works with Canadian entrepreneurs, businesses, and nonprofits
Cloudflare helps ensure anything connected to the Internet is fast, safe, and reliable. We do this by running a distributed global cloud platform that delivers a broad range of network services to businesses of all sizes—making them more secure, enhancing the performance of anything connected online, and eliminating costs and complexity. We help approximately 25M Internet properties around the world—whether you’re a Canadian entrepreneur trying to Continue reading
Why I’m helping Cloudflare grow in Canada
I am incredibly excited to join Cloudflare as Head of Sales for Canada to expand the company’s growth in the region as part of its mission to help build a better Internet. This is an important milestone for Cloudflare to better serve the needs of our Canadian customers, recruit local talent, and build on the regional successes we’ve had around the globe.
Internet security, privacy, and performance are key drivers for every business, individual, and public sector organization. Universal dependency on the Internet has significantly increased, with web commerce, remote learning, distributed teams, remote work, virtual meetings etc. — and this is all here to stay.
Over the last few years we have seen the industry move from on-premise infrastructure and applications to a cloud-first approach with cloud and SaaS architectures. As this significant and inevitable transition has accelerated, it has introduced new complexities, challenges, and opportunities for organizations with the evolution to heterogeneous environments across public cloud, on-premise, and hybrid deployments.
At the same time, a company’s digital assets (data, web properties, applications, etc.) have become their most valuable assets. How an organization uses the Internet to serve their customers, partners, and employees has become a strategic priority Continue reading
DDoS attack trends for 2021 Q1
Last week was Developer Week at Cloudflare. During that week, our teams released a bunch of cool new products, including a bunch of improvements to Workers. And it's not just our customers that love deploying apps with Workers, but also our engineering teams. Workers is also what powers our Internet traffic and attack trends on Cloudflare Radar. Today, along with this deep-dive analysis blog, we’re excited to announce the new Radar DDoS Report page, our first fully automated data notebook built on top of Jupyter, Clickhouse, and Workers.
Last month, we introduced our autonomous edge DDoS (Distributed Denial of Service) protection system and explained how it is able to drop attacks at wire speed without impacting performance. It runs in our networks’ edge, analyzes traffic asynchronously to avoid impacting performance, and pushes mitigation rules in-line immediately once attacks are detected. All of this is done autonomously, i.e., without requiring centralized consensus.
Today, we’d like to share the latest DDoS insights and trends that are based on attacks that our system mitigated during the first quarter of 2021. When we analyze attacks, we calculate the “DDoS activity” rate, which is the percent of attack traffic out of Continue reading
Starting Network Automation for Non-Programmers
The reader asking about infrastructure-as-code in public cloud deployments also wondered whether he has any chance at mastering on-premises network automation due to lack of programming skills.
I am starting to get concerned about not knowing automation, IaC, or any programming language. I didn’t go to college, like a lot of my peers did, and they have some background in programming.
First of all, thanks a million to everyone needs to become a programmer hipsters for thoroughly confusing people. Now for a tiny bit of reality.
Starting Network Automation for Non-Programmers
The reader asking about infrastructure-as-code in public cloud deployments also wondered whether he has any chance at mastering on-premises network automation due to lack of programming skills.
I am starting to get concerned about not knowing automation, IaC, or any programming language. I didn’t go to college, like a lot of my peers did, and they have some background in programming.
First of all, thanks a million to everyone needs to become a programmer hipsters for thoroughly confusing people. Now for a tiny bit of reality.
Entwicklung der DDoS-Bedrohungslandschaft im ersten Quartal 2021
Letzte Woche fand die Cloudflare Developer Week statt – ein willkommener Anlass für unsere Teams, eine Reihe von spannenden neuen Produkten und nicht zuletzt auch einige Verbesserungen für Workers vorzustellen. Die Qualitäten dieser Lösung für den Einsatz von Applikationen wissen übrigens nicht nur unsere Kunden zu schätzen: Das Tool erfreut sich auch bei unseren eigenen Entwicklern großer Beliebtheit. Unter anderem basiert auch unsere Untersuchung von Internet- und Bedrohungstrends mithilfe von Cloudflare Radar auf Workers. Wir freuen uns, dass wir Ihnen heute (zusätzlich zu diesem Blogbeitrag mit detaillierten Analysen zu diesem Thema) unseren neuen Radar DDoS Report präsentieren können, unser erstes komplett automatisiertes Daten-Notebook auf der Grundlage von Jupyter, Clickhouse und Workers.
Letzten Monat stellten wir unser autonomes, am Netzwerkrand (Edge) betriebenes Schutzsystem gegen DDoS-Angriffe (Distributed Denial of Service) vor und erläuterten, wie es mit dieser Lösung gelingen kann, Attacken verzögerungsfrei und ohne Performance-Einbußen abzuwehren. Dieses System vermeidet Leistungsabfälle durch eine asynchrone Analyse des Datenverkehrs und leitet bei Angriffen sofort und direkt im Datenstrom Gegenmaßnahmen ein. All dies geschieht autonom am Netzwerkrand, eine separate Prüfung über eine zentrale Stelle ist nicht nötig.
Heute möchten wir Sie nun auf der Grundlage der Angriffe, die unsere Systeme im ersten Quartal 2021 abwehren Continue reading
Worth Reading: Get Better at Programming by Learning How Things Work
Who would have thought that you could get better at what you do by figuring out how things you use really work. I probably made that argument (about networking fundamentals) too many times; Julia Evans claims the same approach applies to programming.
Worth Reading: Get Better at Programming by Learning How Things Work
Who would have thought that you could get better at what you do by figuring out how things you use really work. I probably made that argument (about networking fundamentals) too many times; Julia Evans claims the same approach applies to programming.
GKE Tip series
Kubernetes is the defacto Container orchestration platform today and GKE is a managed Kubernetes distribution from GCP. In addition to being best-in-class Kubernetes distribution, GKE adds all the goodness of GCP to GKE and is also integrated well with the cloud native ecosystem. GKE has been in general availability for the last 5+ years and … Continue reading GKE Tip seriesCloudflare’s Partnership with HashiCorp and Bootstrapping Terraform with Cf-Terraforming
Cloudflare and HashiCorp have been technology partners since 2018, and in that time Cloudflare’s integration with HashiCorp’s technology has deepened, especially with Terraform, HashiCorp’s infrastructure-as-code product. Today we are announcing a major update to our Terraform bootstrapping tool, cf-terraforming. In this blog, I recap the history of our partnership, the HashiCorp Terraform Verified Provider for Cloudflare, and how getting started with Terraform for Cloudflare developers is easier than ever before with the new version of cf-terraforming.
Cloudflare and HashiCorp
Members of the open source community wrote and supported the first version of Cloudflare's Terraform provider. Eventually our customers began to bring up Terraform in conversations more often. Because of customer demand, we started supporting and developing the Terraform provider ourselves. You can read the initial v1.0 announcement for the provider here. Soon after, Cloudflare’s Terraform provider became ‘verified’ and we began working with HashiCorp to provide a high quality experience for developers.
HashiCorp Terraform allows developers to control their infrastructure-as-code through a standard configuration language, HashiCorp Configuration Language (HCL). It works across a myriad of different types of infrastructure including cloud service providers, containers, virtual machines, bare metal, etc. Terraform makes it easy for developers to follow Continue reading
Containers at the edge: it’s not what you think, or maybe it is
At Cloudflare, we’re committed to making it as easy as possible for developers to make their ideas come to life. Our announcements this week aim to give developers all the tools they need to build their next application on the edge. These include things like static site hosting, certificate management, and image services, just to name a few.
Today, we’re thrilled to announce that we’re exploring a new type of service at the edge: containers.
This announcement will be exciting to some and surprising to many. On this very blog, we’ve talked about why we believe isolates — rather than containers on the edge — will be the future model for applications on the web.
Isolates are best for Distributed Systems
Let us be clear: isolates are the best way to do edge compute, period. The Workers platform is designed to allow developers to treat our global network as one big computer. This has been a long-held dream of generations of engineers, inspiring slogans like "The Network is the Computer" — a trademark which, incidentally, we now own. Isolates and Durable Objects are finally making that vision possible.
In short, isolates excel at distributed systems. They are perfect for Continue reading
MUST READ: Machine Learning is a Marvelously Executed Scam
I thought I was snarky and somewhat rude (and toned down some of my blog posts on second thought), but I’m a total amateur compared to Corey Quinn. His last masterpiece – Machine Learning is a Marvelously Executed Scam – is another MUST READ.
MUST READ: Machine Learning is a Marvelously Executed Scam
I thought I was snarky and somewhat rude (and toned down some of my blog posts on second thought), but I’m a total amateur compared to Corey Quinn. His last masterpiece – Machine Learning is a Marvelously Executed Scam – is another MUST READ.
Heavy Networking 573: Using Application Dictionaries For Better Security Policy Management
Today's Heavy Networking thinks hard about how to manage security policy in modern IT infrastructure. We get into sources of truth, application modeling and application dictionaries, approval workflows, and more--all in the context of automation. Our guests are Ken Celenza and Brett Lykins from Network To Code.Heavy Networking 573: Using Application Dictionaries For Better Security Policy Management
Today's Heavy Networking thinks hard about how to manage security policy in modern IT infrastructure. We get into sources of truth, application modeling and application dictionaries, approval workflows, and more--all in the context of automation. Our guests are Ken Celenza and Brett Lykins from Network To Code.
The post Heavy Networking 573: Using Application Dictionaries For Better Security Policy Management appeared first on Packet Pushers.
Cisco’s Personal Insights: Good Intentions On The Road To Hell
New behavioral monitoring capabilities in Cisco Webex are being positioned as insights to improve employee well being and work-life integration, but adding layers of surveillance isn't the way to create a more humane workplace.
The post Cisco’s Personal Insights: Good Intentions On The Road To Hell appeared first on Packet Pushers.