Attack Spotlight: Multi-vector DDoS Attacks


Published on

Multi-vector DDoS attack campaigns make DDoS mitigation more difficult and make it less likely the attack can be blocked with automated devices. In this slideshow, we examine a Q4 2013 DDoS attack that involved a dozen attack vectors, and explain how we fought back.

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Attack Spotlight: Multi-vector DDoS Attacks

  1. 1. Attack Spotlight: Multi-Vector DDoS Attacks An attack against a global financial firm
  2. 2. Key facts about the DDoS attack • Distributed denial of service (DDoS) attack mitigated by Prolexic in Q4 2013 • Targeted a global financial organization • Multi-vector attack • Well-orchestrated and sophisticated attack • Four days and nights • Multiple botnets • Attack signatures and methods changed throughout the campaign • Mobile phones played a pivotal role 2
  3. 3. Asian botnets played a key role in the Attack • Main source countries – – – – Indonesia China U.S. Mexico • Source was hidden behind a super proxy – Legitimate users may use a super proxy for privacy – Increases mitigation challenge to avoid blocking uninvolved users of the super proxy 3
  4. 4. It was a massive multi-vector attack • At least 12 different attacks – – – – Network layer (Layer 3) Application layer (Layer 7) Use of mobile phones Hacktivist message • Multi-vector attacks are more likely to bypass automated DDoS mitigation devices 4
  5. 5. Real-time human expertise was needed to block the campaign • To block the attack, Prolexic combined – Advanced DDoS mitigation technology – Skilled DDoS mitigation experts • Experts monitored and responded to the attack in real-time • When the attack changed, the mitigation method had to change • Experts crafted a response to block every new attack 5
  6. 6. Attack components: Low Orbit Ion Cannon (LOIC) • Supporters download the tool and opt-in to lend their computing resources • Members of the Anonymous cooperative control participating devices • Controlled via – Internet relay chat (IRC) – URL shortening services, such as 6
  7. 7. Attack components: Mobile phones • New DDoS trend • 6.8 million mobile devices worldwide • More than half the world’s mobile users are in Asia – China – India • Mobile devices – Are vulnerable to malware – May become part of a botnet unwittingly – May be deliberately used by downloading a mobile DDoS apps 7
  8. 8. Attack components: Mobile phones, continued • Easy-to-use mobile DoS apps are available for download • AnDOSid – Android app – Produces POST floods • Mobile LOIC – Android app – Available from mainstream app store in December 2013 8
  9. 9. Prolexic Q4 2013 Global Attack Report • Download the Q4 2013 Global Attack Report for: – – – – – – – – – 9 More details about this attack Attack signatures used DDoS attack trends Year-over-year and quarter-by-quarter comparisons Types of attacks used Network protocols at risk for abuse by attackers Industries targeted Details about real attacks mitigated by Prolexic Case study about the Asian DDoS threat
  10. 10. About Prolexic • Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services • Prolexic has successfully stopped DDoS attacks for more than a decade • Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers 10