DDoS attacks come in various forms, including a relatively new one that is much harder to defend, and has grown significantly in frequency over the past year: carpet bombing. These attacks are analogous to military ordnance of the same name that, instead of a single large blast, delivers many smaller blasts, distributed over a much larger area. From a DDoS perspective, this results in packet floods at much lower volumes to individual IP addresses that, on aggregate across a specific subnet or CIDR block, add up to the volume required to do their damage. Because these carpet bomb attacks only result in small volumes of bad traffic to individual IP addresses, they can easily evade conventional DDoS mitigation defenses which only detect attacks on a per destination IP basis. The result is that even organizations who have protection in place are finding their online services are being degraded or completely disrupted.
Carpet bomb attacks are complex
There are several factors that can make carpet bomb DDoS attacks even more difficult to detect and mitigate using manual or conventional solutions:
- Attack packets are often fragmented
- The targeted IP addresses often change during an attack.
- Attacks can include a combination of reflection and flooding techniques.
- Vectors are often automated, changing rapidly on the fly.
Neustar Security Services, a Corero cloud partner, recently issued a report “Cyber Threats & Trends Report: Defending Against A New Cybercrime Economy,” in which their SOC observed that carpet bomb attacks accounted for 60% of all attacks in Q3 2021, and 56% in Q4.
This is a worrisome trend, but Corero is well ahead of the challenges presented by carpet bomb attacks, and continues to deliver innovative technology to overcome them. For example, Intelligent Fragment protection with patented heuristics-based Smart-Rule technology that automatically block the large volumes of packets and fragments associated with many of today’s DDoS attacks. Our SmartWall® One DDoS protection now includes automatic subnet attack protection to address the increase in volumetric carpet bomb attacks. Corero’s next-generation real-time automatic approach is the only way to effectively prevent DDoS-downtime, and is proven to block over 98% of attacks in under a second, with no operator intervention required.
Cyber carpet bomb attacks may not yet be a household term; even though DDoS is increasingly newsworthy, the press outlets rarely go into forensic detail about the attacks. So, carpet bombing may seem to be just the latest arrow in the quiver of cyber criminals, but they are a powerful weapon which needs to be taken very seriously, as they can effectively neutralize many existing DDoS defenses.
For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® One DDoS protection platform protects on-premises, cloud, virtual and hybrid environments. For more on Corero’s diverse deployment models, click here. If you’d like to learn more, please contact us.