DDoS Attack Vectors Evolve as Overall Number of Attacks Declines

Written by Sarah Chandley on Friday, 08 February 2019. Posted in Cyber

In terms of DDoS attacks, 2019 has started with a bang! At the end of January, reports surfaced of a massive DDoS attack that generated over 500 million packets per second, significantly larger than last year’s GitHub attack, which peaked at 129.6 million packets per second. This most recent attack, as reported by Imperva, crossed the 500 million packets per second (PPS) mark, which differentiates it from other hyper-scale DDoS attacks. The most interesting factor in this particular attack is the huge number of packets per second, which makes it difficult for NetOps and SecOps teams to respond to this anomalous network behaviour, as they need huge amounts of network hardware and specialist resources to mitigate it.

This particular attack was reported as a SYN-based flood attack, which the attacker amplified by using larger SYN flood packets, estimated at around the 800-900 bytes mark, as well as normal SYN packets. The strategy behind this attack was for the normal SYN packets to exhaust server resources whilst the larger SYN flood packets saturate the network. A SYN flood attack attempts to overwhelm a target by sending massive amounts of TCP connection requests (one of three stages of a TCP three-way handshake), hoping to render it unresponsive as it waits for a client reply, severely impacting network capacity and service delivery and compromising infrastructure.

The attackers in this case used a combination of two older common tools, with highly randomised and spoofed source ports and addresses, to launch the attack. While this attack in itself could be devastating if allowed to crash through the network unchecked, we do not know at this time if this episode was a master class in sleight of hand and was in fact masking an intelligent and stealthy multi-vector attack. This is why organisations must have intelligent tool sets that can detect and mitigate not only the obvious DDoS attack but also the less overt attack vectors that use DDoS as a way into the network.
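The traffic pattern described above, viewed from the detection side, as an added example (not code from the article or from Telesoft): it scores a capture window on SYN rate, handshake completion, oversized SYNs and source spread. The thresholds, function names and packet records are assumptions constructed for illustration.

```python
import random

# Thresholds are illustrative assumptions, not values from the article.
MAX_PLAIN_SYN_LEN = 80   # bytes; a plain SYN carries headers and options only
MIN_SYN_PPS = 1000       # SYN rate below this is not examined further
MAX_COMPLETION = 0.2     # share of SYN sources that send the final ACK

def analyse_window(packets, window_s):
    """packets: iterable of (src_ip, src_port, flags, length) seen at the server."""
    syn_sources, ack_sources = set(), set()
    syn_count = oversized = 0
    for src_ip, src_port, flags, length in packets:
        if flags == "S":                    # first step of the handshake
            syn_count += 1
            syn_sources.add((src_ip, src_port))
            if length > MAX_PLAIN_SYN_LEN:  # padded SYN: the bandwidth component
                oversized += 1
        elif flags == "A":                  # client's reply, third step
            ack_sources.add((src_ip, src_port))
    completed = len(syn_sources & ack_sources)
    return {
        "syn_pps": syn_count / window_s,
        "completion": completed / len(syn_sources) if syn_sources else 1.0,
        "oversized_fraction": oversized / syn_count if syn_count else 0.0,
        "source_spread": len(syn_sources) / syn_count if syn_count else 0.0,
    }

def classify(stats):
    # Spoofed sources never answer the SYN-ACK, so completion stays near zero.
    if stats["syn_pps"] < MIN_SYN_PPS or stats["completion"] > MAX_COMPLETION:
        return "normal"
    return "syn-flood-mixed" if stats["oversized_fraction"] > 0.1 else "syn-flood"

def sample_flood(n=5000, seed=1):
    # Constructed records: random documentation-range sources, every third SYN padded.
    rng = random.Random(seed)
    return [(f"198.51.100.{rng.randrange(256)}", rng.randrange(1024, 65536), "S",
             850 if i % 3 == 0 else 60) for i in range(n)]

def sample_normal(n=50):
    # Constructed records: each client sends a SYN and later the final ACK.
    pkts = []
    for i in range(n):
        src = (f"203.0.113.{i}", 40000 + i)
        pkts += [(*src, "S", 60), (*src, "A", 52)]
    return pkts

if __name__ == "__main__":
    print(classify(analyse_window(sample_flood(), 1.0)))
    print(classify(analyse_window(sample_normal(), 1.0)))
```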

This attack is thought to be one of the largest ever recorded. Is this the start of a new era of colossal PPS DDoS attacks? If so, how do organisations dealing with huge amounts of data and daily attacks reduce their vulnerability and risk? The answer is to combine total network visibility, global threat intelligence, smart Anomaly Detection alert triaging and the ability to block cyber-attacks in real time to create a proactive, agile, multi-layered security strategy that keeps day-to-day operations running smoothly and important data safe. Telesoft offers a number of cyber security products for flow monitoring and cyber threat visibility; talk to us about detecting and blocking threats in your network.

About the Author

Sarah Chandley

Sarah is an experienced B2B technology marketing professional, creating content for the Cyber Security, Telco and Government Infrastructure sectors. 
