www.prolexic.com
Attack Spotlight: Multi-Vector DDoS Attacks
An attack against a global financial firm
Key facts about the DDoS attack
• Distributed denial of service (DDoS) attack mitigated by Prolexic in Q4 2013
• Targeted a global financial organization
• Multi-vector attack
• Well-orchestrated and sophisticated attack
• Four days and nights
• Multiple botnets
• Attack signatures and methods changed throughout the campaign
• Mobile phones played a pivotal role
Asian botnets played a key role in the attack
• Main source countries
– Indonesia
– China
– U.S.
– Mexico
• Source was hidden behind a super proxy
– Legitimate users may use a super proxy for privacy
– Makes mitigation more challenging, because uninvolved users of the super proxy must not be blocked
It was a massive multi-vector attack
• At least 12 different attacks
– Network layer (Layer 3)
– Application layer (Layer 7)
– Use of mobile phones
– Hacktivist message
• Multi-vector attacks are more likely to bypass automated DDoS mitigation devices
Real-time human expertise was needed to block the campaign
• To block the attack, Prolexic combined
– Advanced DDoS mitigation technology
– Skilled DDoS mitigation experts
• Experts monitored and responded to the attack in real time
• When the attack changed, the mitigation method had to change
• Experts crafted a response to block every new attack
Attack components: Low Orbit Ion Cannon (LOIC)
• Supporters download the tool and opt-in to lend their computing resources
• Members of the Anonymous cooperative control participating devices
• Controlled via
– Internet relay chat (IRC)
– URL shortening services, such as Bit.ly
Attack components: Mobile phones
• New DDoS trend
• 6.8 million mobile devices worldwide
• More than half the world’s mobile users are in Asia
– China
– India
• Mobile devices
– Are vulnerable to malware
– May become part of a botnet unwittingly
– May be deliberately used by downloading mobile DDoS apps
Attack components: Mobile phones, continued
• Easy-to-use mobile DoS apps are available for download
• AnDOSid
– Android app
– Produces POST floods
• Mobile LOIC
– Android app
– Available from mainstream app store in December 2013
Prolexic Q4 2013 Global Attack Report
• Download the Q4 2013 Global Attack Report for:
– More details about this attack
– Attack signatures used
– DDoS attack trends
– Year-over-year and quarter-by-quarter comparisons
– Types of attacks used
– Network protocols at risk for abuse by attackers
– Industries targeted
– Details about real attacks mitigated by Prolexic
– Case study about the Asian DDoS threat
About Prolexic
• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services
• Prolexic has successfully stopped DDoS attacks for more than a decade
• Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers