Prolexic DDoS Attack Report: A Multi-Vector DDoS Attack Spotlight

  • Published on

  • View

  • Download

Embed Size (px)

DESCRIPTION | Multi-vector DDoS attack campaigns make DDoS mitigation more difficult. Multiple attack vectors make it less likely the attack can be blocked with automated devices. In addition, the DDoS mitigation team has to track more details and to fight the attack on multiple fronts simultaneously. In this slideshow, Prolexic examines a recent DDoS attack that involved a dozen attack vectors, and explains how they fought back.


<ul><li>1.Attack Spotlight: Multi-Vector DDoS Attacks An attack against a global financial</li></ul> <p>2. Key facts about the DDoS attack Distributed denial of service (DDoS) attack mitigated by Prolexic in Q4 2013 Targeted a global financial organization Multi-vector attack Well-orchestrated and sophisticated attack Four days and nights Multiple botnets Attack signatures and methods changed throughout the campaign Mobile phones played a pivotal role 3. Asian botnets played a key role in the Attack Main source countries Indonesia China U.S. Mexico Source was hidden behind a super proxy Legitimate users may use a super proxy for privacy Increases mitigation challenge to avoid blocking uninvolved users of the super 4. It was a massive multi-vector attack At least 12 different attacks Network layer (Layer 3) Application layer (Layer 7) Use of mobile phones Hacktivist message Multi-vector attacks are more likely to bypass automated DDoS mitigation 5. Real-time human expertise was needed to block the campaign To block the attack, Prolexic combined Advanced DDoS mitigation technology Skilled DDoS mitigation experts Experts monitored and responded to the attack in real-time When the attack changed, the mitigation method had to change Experts crafted a response to block every new attack 6. Attack components: Low Orbit Ion Cannon (LOIC) Supporters download the tool and opt-in to lend their computing resources Members of the Anonymous cooperative control participating devices Controlled via Internet relay chat (IRC) URL shortening services, such as 7. Attack components: Mobile phones New DDoS trend 6.8 million mobile devices worldwide More than half the worlds mobile users are in Asia China India Mobile devices Are vulnerable to malware May become part of a botnet unwittingly May be deliberately used by downloading a mobile DDoS apps 8. Attack components: Mobile phones, continued Easy-to-use mobile DoS apps are available for download AnDOSid Android app Produces POST floods Mobile LOIC Android app Available from mainstream app store in December 2013 9. Prolexic Q4 2013 Global Attack Report Download the Q4 2013 Global Attack Report for: More details about this attack Attack signatures used DDoS attack trends Year-over-year and quarter-by-quarter comparisons Types of attacks used Network protocols at risk for abuse by attackers Industries targeted Details about real attacks mitigated by Prolexic Case study about the Asian DDoS threat 10. About Prolexic Prolexic Technologies is the worlds largest and most trusted provider of DDoS protection and mitigation services Prolexic has successfully stopped DDoS attacks for more than a decade Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers </p>