Largest DDoS attack ever? Massive 470Gbps assault hits Chinese gambling site
Complex nine-vector approach described as 'very rare' by security researchers.
A 470 gigabits per second (Gbps) distributed denial of service (DDoS) attack on an unnamed gambling website has been described as one of the largest and most complex assaults to date. The perpetrators' multi-vector approach reached a packet-per-second peak of 110 million, although the assault was quickly mitigated by a security firm.
The attack reportedly lasted just over four hours on 14 June and was notable not only for the strength of the assault, but also the multi-vector approach that mixed "nine different payload (packet) types". The security firm claims that only 0.2% of DDoS attacks from the first quarter of 2016 were multi-vector.
"Such nine-vector assaults are very rare in our experience," said Imperva Incapsula researchers Ofer Gayer and Igal Zeifman. "Usually a perpetrator's goal in using multi-vector attacks is to switch between different payload types in an attempt to bypass a mitigation service. So it was in this case when, midway through, the perpetrators changed their approach — using smaller payloads to increase their assault packet per second (pps) rate."
Zeifman and Gayer note that many of the recent large attacks mitigated by the firm use smaller payloads to achieve high forwarding rates. They explain that "doing so helps perpetrators max out the processing power of current-gen mitigation appliances — one of their most common weak spots".
While the initial burst only reached 250Gbps, the magic 470Gbps mark was hit toward the end of the four-hour period. The attack subsided roughly 30 minutes after. Despite the magnitude of the DDoS attack, the two Incapsula staff state that on a technical level "large attack waves aren't more dangerous than smaller ones," explaining that "they're similar threats, each dealt with in a similar manner".
The 'largest DDoS attack ever' mantle has always been a hotly contested topic, but Incapsula note that many sizeable attacks are embellished by marketing companies. The most notable examples of this was New World Hacking's "test" attack on the BBC's website on New Year's Eve 2015. Early claims stated that the self-proclaimed anti-Isis group reached 600Gbps, although this was widely disputed.
© Copyright IBTimes 2024. All rights reserved.
