There is a new type of Distributed Denial of Service (DDoS) attack in town, and it’s inspired by an acoustic beat.
Spotted by web infrastructure firm Cloudflare, the attack sends traffic in pulsating waves instead of going for all out bombardment, simulating the beating of a drum. The goal of this new type of attack is likely to deceive security systems, which are armed against traditional DDoS patterns.
According Omer Yoachimic, Product Manager for DDoS Protection Service, the method achieved a packet rate that ranges from ~18M to ~42M pps. Lasting for more than 19 hours, with an amplitude of roughly 7 Mpps, the attack had “wavelengths” of circa four hours, which peaked at approximately 42 Mpps.
It lasted for two days and was globally distributed, with each node firing an equal number of packets at an equal rate.
During the two-day onslaught, the company detected and mitigated more than 700 DDoS attacks targeting this single business. The attack traffic accumulated at almost 500 Terabytes, out of a total of 3.6 Petabytes of attack traffic that targeted this entity in November alone.
The attackers mostly utilized ACK floods, UDP floods, SYN floods and so-called “Christmas floods”, where all of the TCP flags are “lit”. Both ICMP and RTS floods were also deployed.