SecurityWeek

Network Security

Massive Nine-Vector DDoS Attack Tops 470 Gbps

A 470 gigabits per second (Gbps) distributed denial of service (DDoS) attack launched earlier this month leveraged nine different payload (packet) types, security company Imperva Incapsula says.


The attack occurred on June 14, targeted a Chinese gambling company, and was the largest Imperva has mitigated to date, the security firm says. While Imperva said the attack lacked the “craftiness” of other DDoS threats it has seen, the company explained that it was preceded by several other large-scale assaults that occurred daily in the week leading up to it.

The incident, Imperva explains, started at over 250 Gbps, which on its own would have made it one of the largest incidents observed since the beginning of the year. Researchers say the attack then built up slowly over the following hours, peaked at 470 Gbps and faded out within the next 30 minutes; in total, the attack lasted four hours.

The attack was complex from a network layer perspective, as it used a mix of nine different packet types, with the bulk of the traffic generated first by SYN payloads, but then switching to generic UDP and TCP payloads. Imperva researchers explain that nine-vector attacks are very rare, as they accounted for only 0.2% of all network layer DDoS attacks against the company’s clients.

The main idea behind multi-vector attacks is to bypass mitigation services by switching between different payload types, and that is what the actor behind this DDoS incident attempted as well. They switched to smaller payloads to increase the assault's packet-per-second (pps) rate, and reached around 110 million packets per second (Mpps) shortly before the final stage of the attack.

“Using smaller payloads to reach extremely high packet forwarding rates was a common tactic in many large attacks we mitigated this year. Doing so helps perpetrators max out the processing power of current-gen mitigation appliances—one of their most common weak spots,” Imperva researchers explain.
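To make the packet-rate point concrete from a defender's side, the following added example (not Imperva's code or tooling) buckets a constructed packet capture into one-second windows, reports pps and bps per window, labels each packet with a coarse vector (SYN, generic TCP, generic UDP) and flags when the dominant vector switches. The sample traffic and the vector labels are constructed for illustration; the traffic values are not taken from the incident described above.

```python
from collections import Counter, defaultdict

# Constructed sample traffic: (timestamp_s, protocol, tcp_flags, frame_bytes), made up
# to mimic the article's pattern: SYN flood, then large UDP, then small generic TCP.
SAMPLE_PACKETS = [
    (0.0, "tcp", "S", 60), (0.2, "tcp", "S", 60), (0.4, "tcp", "S", 60),
    (0.6, "udp", "", 1400),
    (1.0, "udp", "", 1400), (1.3, "udp", "", 1400), (1.5, "tcp", "S", 60),
    (2.0, "tcp", "A", 64), (2.1, "tcp", "A", 64), (2.2, "tcp", "A", 64),
    (2.3, "tcp", "A", 64), (2.5, "udp", "", 64), (2.7, "tcp", "A", 64),
]

def vector_of(proto, flags):
    """Coarse vector label: SYN, generic TCP, generic UDP, or the raw protocol name."""
    if proto == "tcp":
        return "SYN" if flags == "S" else "generic-TCP"
    return "generic-UDP" if proto == "udp" else proto

def window_stats(packets, window_s=1.0):
    """Bucket packets into fixed windows; return pps, bps, mean frame size and vector mix."""
    buckets = defaultdict(lambda: {"pkts": 0, "bytes": 0, "vectors": Counter()})
    for ts, proto, flags, size in packets:
        b = buckets[int(ts // window_s)]
        b["pkts"] += 1
        b["bytes"] += size
        b["vectors"][vector_of(proto, flags)] += 1
    out = {}
    for w, b in sorted(buckets.items()):
        out[w] = {"pps": b["pkts"] / window_s, "bps": b["bytes"] * 8 / window_s,
                  "mean_bytes": b["bytes"] / b["pkts"],
                  "dominant": b["vectors"].most_common(1)[0][0],
                  "vectors": dict(b["vectors"])}
    return out

def vector_switches(stats):
    """(window, old_dominant, new_dominant) for each window where the dominant vector changes."""
    switches, prev = [], None
    for w in sorted(stats):
        dom = stats[w]["dominant"]
        if prev is not None and dom != prev:
            switches.append((w, prev, dom))
        prev = dom
    return switches

def distinct_vectors(stats):
    """Number of different vectors seen across the whole capture."""
    return len({v for s in stats.values() for v in s["vectors"]})
```

In the sample, the last window carries more packets per second than the UDP window while carrying fewer bits per second, which is the smaller-payload effect the researchers describe.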

To mitigate the attack, the security company rerouted the attack traffic through its scrubbing servers and then used deep packet inspection (DPI) to identify and filter out malicious traffic. In fact, the company notes that this is exactly the mitigation technique it uses for any DDoS attack, and such attacks are far from rare: it encounters a 50+ Mpps attack every four days and an 80+ Mpps attack roughly every eight days.

What Imperva does stress, however, is that even large DDoS attacks, such as the 600 Gbps assault that took down BBC.com at the beginning of this year, can be easily mitigated using this technique.


“We want to make clear that there isn’t much difference in mitigating 300, 400, or 500 Gbps network layer attacks. They’re similar threats, each dealt with in a similar manner. Large attack waves aren’t more dangerous than smaller ones. All you need is a bigger boat,” Imperva’s researchers say.

Even if the process of mitigating a DDoS attack is the same regardless of an attack's size, it's clear that perpetrators are constantly looking to increase the sophistication of their assaults to bypass mitigation. Alongside the rise in multi-vector attacks, attackers are leveraging different protocols and techniques for reflection and amplification, and have started to abuse IoT devices such as CCTV cameras for DDoS attacks.

Related: Nitol Botnet Fuels 8.7 Gbps Layer 7 DDoS Attack

Related: Record Number of 100+ Gbps DDoS Attacks Hit in Q1 2016: Akamai
