A major European bank suffered a huge DDoS attack earlier this week, according to a new report by Akamai. The attack was both huge and fast.
Akamai observed that the attack on a bank last week was the biggest-ever packet-per-second (pps) distributed denial of service (DDoS) attack on its platform. The attack generated 809 million packets per second (Mpps). The bank concerned is undisclosed.
Akamai claimed this was a new industry record for pps-focused attacks, and well over double the size of a previous attack it had mitigated.
What made this attack so unusual was the large increase in the number of source IP addresses observed.
“The number of source IPs that registered traffic to the customer destination increased massively during the attack, indicating that it was highly distributed in nature. We saw upwards of 600x the number of source IPs per minute compared to what we normally observe for this customer destination,” the report went on to say.
The vast majority of the attack traffic was sourced from IPs that researchers had not recorded in other 2020 attacks. This could indicate an emerging botnet.
“Most of the source IPs could be identified within large Internet Service Providers via AS lookups, which is indicative of compromised end user machines,” commented researchers.
The attack was distinguished not only by its size, but also by the speed with which it reached its peak. It grew from normal traffic levels to 418 Gbps in seconds, before reaching its top size of 809 Mpps in roughly 2 minutes, according to the report.
Eyal Arazi, Product Marketing Manager at Radware, outlined that the nature of DDoS attacks is shifting, and that protections that were quite adequate not that long ago are no longer necessarily effective.
“DDoS attackers are concentrating more and more on the application-layer, leveraging sophisticated bots to launch attacks, and use sophisticated attack vectors such as burst attacks, SSL floods, and carpet-bombing attacks,” he further added.
“DDoS protection services vary wildly by technology, network, and service. This is why it’s important to choose a DDoS protection service that offers behavioural protections which go beyond simple signature and rate limits, have the capacity to deal even with the largest attacks, and back their marketing claims with quantifiable and measurable SLA metrics.”
Javvad Malik, Security Awareness Advocate at KnowBe4, observed that, despite most security controls put in place, there is always a chance that a DDoS attack will succeed in disrupting systems, making them unavailable to users.
“Organisations should also prepare for this scenario and get business advice on what the next steps should be. In some cases, organisations can ride the storm and afford to be offline for a period of time.
Whether that’s the case or not, organisations should have a plan to notify web hosting partners and have a mechanism to notify clients and partners to let them know service is temporarily unavailable and what steps they can take in the interim while the incident is being resolved,” he explained.