
Prolexic DDoS Attack Report: A Multi-Vector DDoS Attack Spotlight

Q4 2013 DDoS Attack Spotlight: Multi-Vector Campaigns
Selected excerpts

Prolexic recently released the Q4 2013 Global Attack Report, which spotlights the following multi-vector distributed denial of service (DDoS) attack campaign against a global financial firm. This DDoS campaign is a good example of how sophisticated malicious actors use a multi-pronged approach to create attacks that are more difficult to stop, and use every device at their disposal, including mobile phones.

Multi-vector DDoS attack campaigns make DDoS mitigation more difficult. Multiple attack vectors make it less likely that the attack can be blocked with automated devices. In addition, the DDoS mitigation team has to track more details and fight the attack on multiple fronts simultaneously. In this case, the attacks continued for four days, during which time Prolexic DDoS mitigation experts monitored and responded to the attack in real time, day and night. Every time the attack changed, the Prolexic DDoS mitigation engineers crafted a response to block it.

In an emerging trend seen in other recent DDoS attacks, mobile phones played a pivotal role in boosting the strength of the attack. The attack campaign spanned the globe, with Asian botnets playing a large role. The malicious actors used botnets in Indonesia, China, the U.S. and Mexico. The source was hidden behind a super proxy – an IP address that acts as an intermediary for tens of thousands of other computer systems. To avoid blocking traffic from legitimate users of the super proxy, the DDoS mitigation team at Prolexic had to use advanced mitigation technologies to isolate the malicious network traffic from legitimate traffic.

The campaign comprised at least 12 different attacks, some of which attempted to take down the target by overwhelming the network layer (Layer 3) while others struck via the application layer (Layer 7). The attack signatures indicated the malicious actors recruited voluntary and involuntary participants in the botnet.
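The super-proxy problem above, as an added illustration that is not part of Prolexic's report: when a flood and legitimate users share one source IP, a per-IP block drops the legitimate users with the flood, so the example scores traffic by a per-request fingerprint (method, path, User-Agent) over constructed Apache-style log lines and reports what an IP block would have cost. The log lines, the proxy address and the threshold are all assumptions made for the example.

```python
import re
from collections import Counter

# Apache "combined" log format: client IP, method, request target, status, User-Agent.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \d+ "[^"]*" "([^"]*)"$'
)

# Constructed sample log: every request arrives from one shared proxy IP (hypothetical,
# RFC 5737 documentation range). Six lines are a repetitive query-string flood with an
# empty User-Agent; three are ordinary browsing by a legitimate user of the same proxy.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Dec/2013:10:00:0%d +0000] "GET /?id=%d HTTP/1.0" 200 512 "-" "-"'
    % (i, i) for i in range(6)
] + [
    '203.0.113.10 - - [10/Dec/2013:10:00:07 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"',
    '203.0.113.10 - - [10/Dec/2013:10:00:08 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.1)"',
    '203.0.113.10 - - [10/Dec/2013:10:00:09 +0000] "GET /account/balance HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1)"',
]

def parse_line(line):
    """Return (ip, method, path, user_agent) or None for a line that does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ip, method, target, _status, ua = m.groups()
    return ip, method, target.split("?", 1)[0], ua  # drop the query string

def fingerprint(rec):
    """Request signature that still separates clients once the source IP is shared."""
    _ip, method, path, ua = rec
    return (method, path, ua)

def classify(lines, threshold):
    """Mark any fingerprint seen at least `threshold` times as flood traffic.

    Returns (flood_fingerprints, requests_per_ip, legitimate_requests_per_ip) so the
    collateral cost of blocking a whole IP can be compared with a fingerprint block."""
    records = [r for r in map(parse_line, lines) if r is not None]
    per_fp = Counter(fingerprint(r) for r in records)
    flood = {fp for fp, n in per_fp.items() if n >= threshold}
    per_ip = Counter(r[0] for r in records)
    legit_per_ip = Counter(r[0] for r in records if fingerprint(r) not in flood)
    return flood, per_ip, legit_per_ip

if __name__ == "__main__":
    flood, per_ip, legit = classify(SAMPLE_LOG, threshold=5)
    for ip, total in per_ip.items():
        print(f"{ip}: {total} requests, {legit[ip]} legitimate; "
              f"an IP block would drop {legit[ip]} legitimate requests")
    print("flood fingerprints:", flood)
```

In production the fingerprint and threshold would be tuned per application and evaluated over a sliding time window rather than a whole file.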
Unwitting domain name servers were also victimized via spoofing to launch distributed reflection denial of service (DrDoS) attacks against the target.

Volunteers opted into the botnet with Low Orbit Ion Cannon

Botnets are usually formed when servers and personal computers are infected with a Trojan virus or other malware that causes them to become unwitting participants in a DDoS botnet. Low Orbit Ion Cannon, also known as LOIC, is a DDoS tool that takes a different approach. LOIC lets supporters lend their computing resources by opting into a campaign. To become part of the botnet, a participant simply downloads the tool and voluntarily connects to the attacker’s command and control server. Once connected, the members of the Anonymous cooperative who lead an attack can control the participating devices remotely via Internet relay chat (IRC) or a URL shortening service, such as Bit.ly.

Apps for DDoS attacks

The Prolexic Security Engineering and Response Team (PLXsert), which analyzes DDoS attacks globally, has observed an increasing use of mobile devices in DDoS campaigns, including this one. This DDoS trend is most notable in markets such as Asia, where the main means of access to the Internet is a mobile phone. Attack signatures matching AnDOSid, a DDoS attack tool for Android devices, and mobile LOIC (Low Orbit Ion Cannon), a new Android app that was available from the official Google Play app store in December 2013, were observed during the campaign. PLXsert expects a significant increase in the number of mobile devices participating in future DDoS campaigns as the availability and adoption of these tools becomes widespread.

Get the full Q4 2013 Global Attack Report with all the details

Prolexic produces a quarterly DDoS attack report. As the world’s leading DDoS mitigation provider, Prolexic is ideally positioned to collect valuable data on the origins, tactics, types, and targets of DDoS attacks and to identify emerging trends. Download the Q4 2013 Global Attack Report for:

● More details about this attack
● Attack signatures used
● Global DDoS attack trends
● Year-over-year and quarter-by-quarter comparisons
● Types of attacks used
● Network protocols at risk for abuse by attackers
● Industries targeted
● Details about real attacks mitigated by Prolexic
● Case study about the Asian DDoS threat

The more you know about DDoS attacks, the better you can protect your network against cybercrime. Download the free Q4 2013 Global Attack Report today.

About Prolexic

Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services. Learn more at http://www.prolexic.com.