Transcript
Page 1: Prolexic DDoS Attack Report:  A Multi-Vector DDoS Attack Spotlight

www.prolexic.com

Attack Spotlight: Multi-Vector DDoS Attacks

An attack against a global financial firm

Page 2: Prolexic DDoS Attack Report:  A Multi-Vector DDoS Attack Spotlight

Key facts about the DDoS attack

• Distributed denial of service (DDoS) attack mitigated by Prolexic in Q4 2013

• Targeted a global financial organization

• Multi-vector attack

• Well-orchestrated and sophisticated attack

• Four days and nights

• Multiple botnets

• Attack signatures and methods changed throughout the campaign

• Mobile phones played a pivotal role

Page 3: Prolexic DDoS Attack Report:  A Multi-Vector DDoS Attack Spotlight

Asian botnets played a key role in the attack

• Main source countries

– Indonesia

– China

– U.S.

– Mexico

• Source was hidden behind a super proxy

– Legitimate users may use a super proxy for privacy

– Increases mitigation challenge to avoid blocking uninvolved users of the super proxy

Page 4: Prolexic DDoS Attack Report:  A Multi-Vector DDoS Attack Spotlight

It was a massive multi-vector attack

• At least 12 different attacks

– Network layer (Layer 3)

– Application layer (Layer 7)

– Use of mobile phones

– Hacktivist message

• Multi-vector attacks are more likely to bypass automated DDoS mitigation devices

Page 5: Prolexic DDoS Attack Report:  A Multi-Vector DDoS Attack Spotlight

Real-time human expertise was needed to block the campaign

• To block the attack, Prolexic combined

– Advanced DDoS mitigation technology

– Skilled DDoS mitigation experts

• Experts monitored and responded to the attack in real-time

• When the attack changed, the mitigation method had to change

• Experts crafted a response to block every new attack

Page 6: Prolexic DDoS Attack Report:  A Multi-Vector DDoS Attack Spotlight

Attack components: Low Orbit Ion Cannon (LOIC)

• Supporters download the tool and opt-in to lend their computing resources

• Members of the Anonymous cooperative control participating devices

• Controlled via

– Internet relay chat (IRC)

– URL shortening services, such as Bit.ly

Page 7: Prolexic DDoS Attack Report:  A Multi-Vector DDoS Attack Spotlight

Attack components: Mobile phones

• New DDoS trend

• 6.8 million mobile devices worldwide

• More than half the world’s mobile users are in Asia

– China

– India

• Mobile devices

– Are vulnerable to malware

– May become part of a botnet unwittingly

– May be deliberately used by downloading a mobile DDoS app

Page 8: Prolexic DDoS Attack Report:  A Multi-Vector DDoS Attack Spotlight

Attack components: Mobile phones, continued

• Easy-to-use mobile DoS apps are available for download

• AnDOSid

– Android app

– Produces POST floods

• Mobile LOIC

– Android app

– Available from mainstream app store in December 2013

Page 9: Prolexic DDoS Attack Report:  A Multi-Vector DDoS Attack Spotlight

Prolexic Q4 2013 Global Attack Report

• Download the Q4 2013 Global Attack Report for:

– More details about this attack

– Attack signatures used

– DDoS attack trends

– Year-over-year and quarter-by-quarter comparisons

– Types of attacks used

– Network protocols at risk for abuse by attackers

– Industries targeted

– Details about real attacks mitigated by Prolexic

– Case study about the Asian DDoS threat

Page 10: Prolexic DDoS Attack Report:  A Multi-Vector DDoS Attack Spotlight

About Prolexic

• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services

• Prolexic has successfully stopped DDoS attacks for more than a decade

• Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers

