Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Massive Nine-Vector DDoS Attack Tops 470 Gbps

A 470 gigabits per second (Gbps) distributed denial of service (DDoS) attack launched earlier this month leveraged nine different payload (packet) types, security company Imperva Incapsula says.

A 470 gigabits per second (Gbps) distributed denial of service (DDoS) attack launched earlier this month leveraged nine different payload (packet) types, security company Imperva Incapsula says.

The attack occurred on June 14 and targeted a Chinese gambling company and was the largest Imperva has mitigated to date, the security firm says. While Imperva said the attack didn’t have the “craftiness” of other DDoS threats seen, they explained that it was preceded by several other large-scale assaults that occurred daily in the week leading up to the massive DDoS attack.

The incident, Imperva explains, started at over 250 Gbps, which would have made it one of the largest incidents observed since the beginning of the year. However, researchers say that the attack slowly built up over the following hours, peaking at 470 Gbps and then fading out within the next 30 minutes. The attack lasted for four hours.

The attack was complex from a network layer perspective, as it used a mix of nine different packet types, with the bulk of the traffic generated first by SYN payloads, but then switching to generic UDP and TCP payloads. Imperva researchers explain that nine-vector attacks are very rare, as they accounted for only 0.2% of all network layer DDoS attacks against the company’s clients.

The main idea behind multi-vector attacks is to bypass mitigation services through making the switch between different payload types, and which is what the actor behind this DDoS incident attempted as well. They switched to smaller payloads to increase their assault packet per second (pps) rate, and managed to reach around 110 million packets per second (Mpps) shortly before the final stage of the attack.

“Using smaller payloads to reach extremely high packet forwarding rates was a common tactic in many large attacks we mitigated this year. Doing so helps perpetrators max out the processing power of current-gen mitigation appliances—one of their most common weak spots,” Imperva researchers explain.

To mitigate the attack, the security company rerouted the attack traffic through its scrubbing servers and then used deep packet inspection (DPI) to identify and filter out malicious traffic. In fact, the company notes that this is exactly the mitigation technique it uses for any DDoS attack, and those aren’t short to come by, it seems: they encounter a 50+ Mpps attack every four days and an 80+ Mpps roughly every eight days.

What Imperva does stress, however, is that even large DDoS attacks, such as the 600 Gbps assault that took down in the beginning of this year, can be easily mitigated using this technique.

“We want to make clear that there isn’t much difference in mitigating 300, 400, or 500 Gbps network layer attacks. They’re similar threats, each dealt with in a similar manner. Large attack waves aren’t more dangerous than smaller ones. All you need is a bigger boat,” Imperva’s researchers say.

Even if the process of mitigating a DDoS attack is the same regardless of an attack’s size, it’s clear that perpetrators are looking to constantly increase the sophistication of assaults to bypass mitigation. While multi-vector attacks are on the rise, attackers are leveraging different protocols and techniques for reflection and amplification, and have started to abuse IoT devices such as CCTV cameras for DDoS attacks.

Related: Nitol Botnet Fuels 8.7 Gbps Layer 7 DDoS Attack

Related: Record Number of 100+ Gbps DDoS Attacks Hit in Q1 2016: Akamai

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...