Latest, Largest DDoS Attack May Signal a Shift in Methods
Cybercriminals are always looking for the proverbial chinks in the armor of security solutions, so whenever an unusual Distributed Denial of Service (DDoS) attack takes place (even if it was successfully mitigated), organizations should pay attention and learn from it. There have been several large DDoS attacks in the news lately, and the latest, reported by Akamai, happened on June 21. Its most noteworthy aspect is that it was the largest DDoS attack ever recorded in terms of packet rate (packets per second, pps), rather than volume (bits per second, bps). Organizations must therefore ensure their resiliency to this attack method, because other cybercriminals are sure to mimic it: threat actors know that many legacy DDoS mitigation solutions are not well suited to handling large-scale packets-per-second attacks.
The key requirements for defending against packets-per-second attacks are to be inline and always-on, to react quickly, and to be genuinely line-rate. A high-pps attack stresses per-packet processing (lookups, state tracking, forwarding decisions) rather than link capacity, so a device rated by bandwidth alone can be overwhelmed by a flood of small packets at only a fraction of its nominal throughput. If your inline DDoS protection appliances are not truly line-rate, they will quickly start dropping packets indiscriminately in an attempt to keep up, which includes dropping legitimate packets. Worse still, they may become unstable under the load and crash or reboot, stopping all traffic in the process.
The June 21st attack was also noteworthy for two other reasons. First, it reached peak volume very quickly, in around two minutes. An on-demand cloud scrubbing service could not have prevented the damage from such an attack, because by the time it detected the attack and swung the traffic over for mitigation, the attack would already have done its damage. On-demand cloud scrubbing is an important component of a protection solution for guarding against the small proportion of volumetric attacks that exceed an organization's network bandwidth. However, it can never be truly real-time, so it cannot deliver protection without at least some degree of downtime, typically ranging from minutes to tens of minutes, depending on the provider.
The second reason the June 21st attack is noteworthy is that it came from a large number of previously unseen source IP addresses; normally, many of the IP sources that bad actors tap for botnets have already been observed and tracked in earlier attacks. This suggests that cybercriminals have assembled a large new botnet, whose source code could eventually be released on the Dark Web for other criminals to use for DDoS attacks and other nefarious purposes.
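The two properties discussed above, packet rate as distinct from bit rate and the share of never-before-seen source addresses, can both be checked from an ordinary packet or flow log. The following Python is an added example, not code from Corero, Akamai or the original post: it computes per-second pps, bps and the fraction of novel source IPs over a constructed sample, and flags windows that cross thresholds. The `KNOWN_SOURCES` list, the sample traffic and the alert thresholds are illustrative assumptions, not figures from the June 21st attack.

```python
from collections import defaultdict

# Constructed stand-in for "sources seen in previous attacks"; a real deployment
# would load this from a reputation feed or prior incident data (assumption).
KNOWN_SOURCES = {f"203.0.113.{i}" for i in range(50)} | {f"198.51.100.{i}" for i in range(100)}


def make_sample():
    """Constructed packet log of (timestamp_s, src_ip, length_bytes) records."""
    records = []
    # Window 0: 20,000 x 64-byte packets in one second from 250 sources,
    # 200 of which are not in KNOWN_SOURCES. ~20 kpps but only ~10 Mbps.
    for i in range(20_000):
        records.append((i / 20_000, f"203.0.113.{i % 250}", 64))
    # Window 1: 1,000 x 1,400-byte packets in one second from 100 known sources.
    # ~1 kpps but ~11 Mbps, i.e. slightly MORE bandwidth than window 0.
    for i in range(1_000):
        records.append((1.0 + i / 1_000, f"198.51.100.{i % 100}", 1_400))
    return records


def summarize(records, known_sources, window_s=1.0):
    """Per-window packet rate, bit rate and share of never-before-seen sources."""
    windows = defaultdict(lambda: {"packets": 0, "bits": 0, "sources": set()})
    for ts, src, length in records:
        w = windows[int(ts // window_s)]
        w["packets"] += 1
        w["bits"] += length * 8
        w["sources"].add(src)
    summary = {}
    for idx, w in sorted(windows.items()):
        novel = {s for s in w["sources"] if s not in known_sources}
        summary[idx] = {
            "pps": w["packets"] / window_s,
            "bps": w["bits"] / window_s,
            "sources": len(w["sources"]),
            "novel_fraction": len(novel) / len(w["sources"]),
        }
    return summary


def classify(summary, pps_threshold=10_000, bps_threshold=50_000_000, novel_threshold=0.5):
    """Return the list of triggered conditions per window (thresholds are assumptions)."""
    alerts = {}
    for idx, s in summary.items():
        reasons = []
        if s["pps"] >= pps_threshold:
            reasons.append("pps")
        if s["bps"] >= bps_threshold:
            reasons.append("bps")
        if s["novel_fraction"] >= novel_threshold:
            reasons.append("novel-sources")
        alerts[idx] = reasons
    return alerts


if __name__ == "__main__":
    summary = summarize(make_sample(), KNOWN_SOURCES)
    alerts = classify(summary)
    for idx, s in summary.items():
        print(f"window {idx}: {s['pps']:.0f} pps, {s['bps'] / 1e6:.1f} Mbps, "
              f"{s['sources']} sources, {s['novel_fraction']:.0%} new -> {alerts[idx] or ['none']}")
```

Run as a script, the first window trips the pps and novel-source conditions while carrying less bandwidth than the second window, which trips nothing; a monitor that keys only on bps would pass the small-packet flood straight through.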
The fact that cybercriminals have recently launched both high-volume and high-packet-rate DDoS attacks may not constitute a trend, but it does show that it is still possible to launch the next record-breaking attack. The advice for organizations that cannot tolerate any impact to business continuity from DDoS attacks is to ensure they have comprehensive protection against attacks of all sizes, even if the largest ones are relatively rare.
For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. For more on Corero’s diverse deployment models, click here. If you’d like to learn more, please contact us.
Sean Newman is VP Product Management, responsible for Corero's product strategy. Sean brings over 25 years of experience in the security and networking industry to guide Corero's growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean was network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Before that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.