A ‘sophisticated, global botnet’ held an Eastern European biz under siege over 30 days
Akamai Technologies squelched the largest-ever distributed denial-of-service (DDoS) attack in Europe earlier this month against a company that was being consistently hammered over a 30-day period.
According to the cybersecurity and cloud services vendor, the height of the attack hit on July 21, when over a 14-hour period it peaked at 659.6 million packets per second (Mpps) and 853.7 gigabits per second (Gbps).
“The attack, which targeted a swath of customer IP addresses, formed the largest global horizontal attack ever mitigated on the [Akamai] Prolexic platform,” Craig Sparling, product manager in the vendor’s Cloud Security business unit, wrote in a blog post.
Sparling didn’t name the targeted company but said it is an Akamai customer in Eastern Europe. Over a 30-day period, the company came under attack 75 times via multiple vectors. The user datagram protocol (UDP) was the most popular vector used in the attack and was seen in the record spikes.
Other vectors used included UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood. Data scrubbing systems were able to weed out most of the dodgy traffic.
Traffic from the distributed attack suggested that the cybercriminals “were leveraging a highly-sophisticated, global botnet of compromised devices to orchestrate this campaign,” Sparling wrote. “No individual scrubbing center handled more than 100Gbps of the overall attack.”
The Prolexic platform includes 20 high-capacity scrubbing centers around the world, distributed to be close to the source of DDoS attacks as well as the victims. In an attack, the traffic is routed via Akamai’s Anycast network through the closest scrubbing center, where Akamai’s Security Operations Command Center uses mitigation controls to stop the attack.
DDoS attacks are designed to flood organizations with traffic to the point where they can no longer conduct business online. Application-layer attacks make networked software like web servers unable to process legitimate requests by swamping them with botnets. Network-layer attacks typically target a system’s ability to process incoming network packets.
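The vector names listed above (SYN flood, RESET flood, PSH ACK flood, UDP fragmentation and so on) are derived from packet-level fields, and the record figures are per-second rates. The following is an added example, not Akamai's code or anything from the Prolexic platform: it maps constructed, NetFlow-like flow records to those vector names with a simple heuristic on protocol, TCP flags and fragmentation, then aggregates packets and bytes per second into the Mpps and Gbps units used in the article and flags buckets that cross a threshold. The `Flow` record layout, the thresholds and the sample data are all assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """Constructed, simplified flow record (assumed layout, not a real exporter format)."""
    ts: int                       # one-second bucket
    proto: str                    # "tcp", "udp" or "icmp"
    flags: frozenset = frozenset()  # TCP flags present, e.g. {"SYN"}
    fragmented: bool = False      # IP fragment seen
    packets: int = 0
    bytes: int = 0


def classify_vector(f: Flow) -> str:
    """Heuristic mapping from packet fields to the vector names used in the write-up."""
    if f.proto == "udp":
        return "UDP fragmentation" if f.fragmented else "UDP flood"
    if f.proto == "icmp":
        return "ICMP flood"
    if f.proto == "tcp":
        if f.fragmented:
            return "TCP fragment"
        fl = f.flags
        # Flag combinations that never occur in a legitimate handshake or session.
        if not fl or {"SYN", "FIN"} <= fl or {"SYN", "RST"} <= fl:
            return "TCP anomaly"
        if fl == {"SYN"}:
            return "SYN flood"
        if fl == {"RST"}:
            return "RESET flood"
        if fl == {"PSH", "ACK"}:
            return "PSH ACK flood"
        if fl == {"FIN", "PSH"}:
            return "FIN push flood"
        if fl == {"PSH"}:
            return "PUSH flood"
        return "TCP other"
    return "unknown"


def per_second_rates(flows):
    """Aggregate packets and bytes per (second, vector) and convert to Mpps / Gbps."""
    agg = defaultdict(lambda: [0, 0])
    for f in flows:
        key = (f.ts, classify_vector(f))
        agg[key][0] += f.packets
        agg[key][1] += f.bytes
    return {k: (p / 1e6, b * 8 / 1e9) for k, (p, b) in agg.items()}


def detect_floods(flows, mpps_threshold=1.0, gbps_threshold=1.0):
    """Return (ts, vector, Mpps, Gbps) for every bucket that crosses either threshold.

    Thresholds are placeholders; a real deployment derives them from the link's
    baseline, since a packet-rate flood and a bandwidth flood look very different.
    """
    alerts = []
    for (ts, vec), (mpps, gbps) in sorted(per_second_rates(flows).items()):
        if mpps >= mpps_threshold or gbps >= gbps_threshold:
            alerts.append((ts, vec, round(mpps, 3), round(gbps, 3)))
    return alerts


# Constructed sample: one quiet second, then SYN + UDP-fragment floods, then a PSH ACK flood.
SAMPLE_FLOWS = [
    Flow(100, "tcp", frozenset({"SYN", "ACK"}), packets=1_200, bytes=72_000),
    Flow(100, "udp", packets=800, bytes=400_000),
    Flow(101, "tcp", frozenset({"SYN"}), packets=2_000_000, bytes=120_000_000),
    Flow(101, "udp", fragmented=True, packets=500_000, bytes=700_000_000),
    Flow(102, "tcp", frozenset({"PSH", "ACK"}), packets=1_500_000, bytes=90_000_000),
    Flow(102, "tcp", frozenset({"SYN", "FIN"}), packets=300, bytes=18_000),
]

if __name__ == "__main__":
    for ts, vec, mpps, gbps in detect_floods(SAMPLE_FLOWS):
        print(f"t={ts} {vec}: {mpps} Mpps, {gbps} Gbps")
```

Two of the three alerts trip on packet rate and one on bandwidth, which is the point of keeping both units: a SYN flood of small packets barely registers in Gbps, while large UDP fragments saturate a link at a modest packet rate.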
“The risk of distributed denial-of-service attacks (DDoS) has never been greater,” Sparling wrote. “Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape. And attackers are showing zero signs of relenting.”
Kaspersky in April released a report saying that DDoS attacks hit an all-time high in the first quarter, jumping 46 percent quarter-over-quarter, with the number of targeted attacks increasing 81 percent. The cybersecurity company said the expanding DDoS landscape during the first quarter was shaped by Russia’s build-up to and eventual invasion of neighboring Ukraine.
Cloudflare – which in April warded off a record-setting HTTPS-based DDoS attack only to break that record by stomping on a larger attack two months later – similarly said in a report that in the first quarter, there was a 645 percent increase in DDoS attacks.
The continued evolution of DDoS attacks was on display in the incidents in April and June, according to Cloudflare researchers. In both cases, the attackers used junk HTTPS requests to overwhelm a website. In addition, the flood of network traffic in June originated from cloud service providers rather than residential internet service providers, indicating the attackers had hijacked virtual machines to scale the attack rather than relying on simpler Internet of Things devices and home gateways.
Cloudflare earlier this month said the culprit for the 26 million requests-per-second (RPS) attack in June was a botnet it named Mantis, which analysts said was an evolution of the Meris botnet. Meris was responsible for an attack in September 2021 against giant Russian tech company Yandex.
Last year Microsoft twice reported mitigating the largest recorded DDoS attacks in history, including one in November 2021 that hit 3.47 terabits-per-second and targeted a customer on Azure.