Biggest-ever packets-per-second DDoS attack hits large European bank


Akamai said that the attack on a bank earlier this week was the largest ever packet per second (pps) distributed denial of service (DDoS) attack on its platform. The attack generated 809 million packets per second (Mpps). The targeted bank has not been revealed.

In a report, Akamai claimed this was a new industry record for pps focused attacks, and well over double the size of a previous attack it had mitigated.

What made attack unique, according to Akamai, was the massive increase in the amount of source IP addresses observed.

“The number of source IPs that registered traffic to the customer destination increased massively during the attack, indicating that it was highly distributed in nature.  We saw upwards of 600x the number of source IPs per minute compared to what we normally observe for this customer destination,” the report said.

The vast majority of the attack traffic was sourced from IPs that researchers have not recorded in prior 2020 attacks. This, according to the report indicated an emerging botnet.

“Most of the source IPs could be identified within large Internet Services Providers via AS lookups, which is indicative of compromised end user machines,” said researchers.

Researchers said that Sunday’s attack was remarkable not only for its size, but also because of the speed at which it reached its peak. The attack grew from normal traffic levels to 418 Gbps in seconds, before reaching its peak size of 809 Mpps in approximately two minutes, researchers said.

Eyal Arazi, product marketing manager at Radware, told SC Media UK that the nature of DDoS attacks is shifting, and protections that used to be adequate not long ago are no longer effective.

“DDoS attackers are concentrating more and more on the application-layer, leveraging sophisticated bots to launch attacks, and use sophisticated attack vectors such as burst attacks, SSL floods, and carpet-bombing attacks,” he said.

“DDoS protection services vary wildly by technology, network, and service. This is why it’s important to choose a DDoS protection service that offers behavioural protections which go beyond simple signature and rate limits, have the capacity to deal even with the largest attacks, and back their marketing claims with quantifiable and measurable SLA metrics.”

Javvad Malik, security awareness advocate at KnowBe4, told SC Media UK that like most security controls put in place, there is the chance that a DDoS attack will be successful in disrupting systems, rendering them unavailable.

“Organisations should also prepare for this scenario and get business advice on what the next steps should be. In some cases, organisations can ride the storm and afford to be offline for a period of time. Whether that’s the case or not, organisations should have a plan to notify web hosting partners and have a mechanism to notify clients and partners to let them know service is temporarily unavailable and what steps they can take in the interim while the incident is being resolved,” he said.



Source link

Recent articles

‘Comedy Bang! Bang!’ Set to Leave Netflix (again) in August 2020

Comedy Bang! Bang! set to leave Netflix (again) – Picture: IFCComedy Bang! Bang! is currently set to leave Netflix for the second time...

What Hong Kong’s Pandemic Experience Taught Uber About Other Cities

OAKLAND, Calif. — In late February, Uber executives were set to gather in San Francisco to form business plans for the year as...

Carbon monoxide poisoning clue emerges in fatal DHC-2 crash probe | News

Australian investigators have urged operators of piston-engined aircraft to carry out inspection and repair of exhaust systems, after finding that the pilot of...

Twitter is removing ‘master,’ ‘slave’ and ‘blacklist’ from its code

Twitter is dropping the terms "master," "slave" and "blacklist" from its code after two engineers lobbied for the use of more inclusive programming...

Botswana reports mysterious deaths of hundreds of elephants | News

Hundreds of elephants have died mysteriously in Botswana's famed Okavango Delta, according to an official who ruled out poaching as the tusks were...

Xbox Insider Release Notes – Beta, Delta and Omega (2007.200630-0000)

Hey Xbox Insiders! We have a new Xbox One update preview coming to the Beta, Delta and Omega ring. It’s important...

Leave a reply

Please enter your comment!
Please enter your name here