Saturday, October 1

This huge DDoS attack was one of the longest ever recorded | Digital Trends Spanish

A distributed denial of service (DDoS) attack) record saw more than 25.3 billion requests sent to a target. Imperva, a cybersecurity software and services company, confirmed the attack.

As reported by Bleeping Computerthe firm’s systems defended the record attack when it occurred on June 27, 2022.

Getty Images

Threat actors focused their efforts on a Chinese telecommunications service provider, which was targeted in an attack that reached 3.9 million requests per second (RPS), with an average of 1.8 million RPS.

Of course, the aforementioned figure is not even remotely close. the largest HTTPS DDoS attack ever recorded (26 million RPS). However, the time span of how long the attack continued was specifically highlighted: this particular attack ended after four hours.

Comparatively, DDoS attempts that exceed the 1 million RPS mark typically end after seconds to several minutes. Imperva also mentioned in her report that about one in 10 DDoS attacks lasts more than an hour.

Due to the automated mitigation solution that blocks DDoS attacks in less than three seconds, the attempt could have reached a number much higher than the 3.9 million figure.

As for the attack itself, it was carried out through a botnet system located in 180 countries. IP addresses were predominantly based in the United States, Brazil, and Indonesia. The botnet used a network of 170,000 devices that were breached, ranging from modem routers, smart security cameras, and servers. The latter was found to be hosted by public clouds and cloud security service providers.

“The attack started at 3.1M RPS and maintained a rate of around 3M RPS. Once the attack maxed out at 3.9M RPS, the attack went down for several minutes, but returned to full strength for another hour,” Imperva said.

The hackers relied on HTTP/2 multiplexing to deliver multiple requests at once over individual connections. Imperva added that this technique is capable of shutting down servers with a limited amount of resources. He also noted that these types of attacks are “extremely difficult to detect.”

DDoS attacks have increased in popularity in recent years. Cloudflare confirmed that this category has seen a 175% increase in incidents within the fourth quarter of 2021.

Google, meanwhile, managed to stop the biggest HTTPS DDoS attack in history in August, with the company mitigating an attempt that peaked at 46 million RPS.

Publisher Recommendations

Leave a Reply

Your email address will not be published.