Major DDoS attack with 25.3 billion requests was mitigated

Long-lasting DDoS attack abused HTTP/2 multiplexing

Attackers used 170,000 botnet devices

Attack rates reached a total of 25.3 billion requests

Imperva has blocked a record DDoS attack involving billions of requests. The cybersecurity firm announced that it had mitigated a distributed denial-of-service (DDoS) attack totaling 25.3 billion requests.[1] The attack took place on June 27th, setting a new record for Imperva's application DDoS mitigation solution.[2]

An attack like this can aim to cause destructive changes to network devices, destroy configuration information, or simply exhaust limited resources. The target of this attack was an unnamed Chinese telecommunications service provider, a type of organization frequently on the receiving end of high-volume DDoS attacks.

The attack peaked at 3.9 million requests per second (RPS) and averaged 1.8 million RPS. It lasted for four hours, and the attackers used HTTP/2 multiplexing, which bundles many requests onto a single connection. Attacks peaking above a million RPS normally last only seconds or minutes, which is why this one set a record.

Multiplexing allowed the attackers to send many requests at once over each individual connection. Imperva itself[3] reported the incident and confirmed the attack. It was launched from a botnet that had compromised at least 170,000 different IP addresses, spanning routers, security cameras, and compromised servers in more than 189 countries. The primary source locations were the US, Indonesia, and Brazil.
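Because multiplexing packs many requests into each connection, a defense that only limits connections per client will not see the flood; request counts per connection and per second must be tracked as well. The following is an added illustration, not code from Imperva or the original article, that runs that check over a handful of constructed HTTP/2 access-log lines in an assumed format (timestamp, client IP, connection id, stream id, method, path):

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example):
#   "<unix_ts> <client_ip> conn=<connection_id> stream=<stream_id> <method> <path>"
LOG_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<ip>\S+) conn=(?P<conn>\d+) "
    r"stream=(?P<stream>\d+) (?P<method>\S+) (?P<path>\S+)$"
)

# Constructed sample: two ordinary browser connections, one junk line, and a
# single connection that multiplexes 12 requests (odd client stream ids) in one second.
SAMPLE_LOG = [
    "1656316800.01 203.0.113.10 conn=7 stream=1 GET /",
    "1656316800.05 203.0.113.10 conn=7 stream=3 GET /app.js",
    "1656316800.06 203.0.113.10 conn=7 stream=5 GET /style.css",
    "1656316800.30 203.0.113.10 conn=7 stream=7 GET /api/items",
    "1656316800.40 192.0.2.4 conn=2 stream=1 GET /",
    "1656316800.90 192.0.2.4 conn=2 stream=3 GET /favicon.ico",
    "garbage line that does not parse",
] + [
    f"1656316801.{i:02d} 198.51.100.5 conn=9 stream={2 * i + 1} GET /search?q={i}"
    for i in range(12)
]

def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    # Connection ids are only unique per client, so key them by IP as well.
    return {"ts": float(d["ts"]), "ip": d["ip"], "conn": f'{d["ip"]}#{d["conn"]}',
            "stream": int(d["stream"]), "path": d["path"]}

def analyze(lines, max_reqs_per_conn_sec=10):
    """Count requests per (connection, second) and overall; flag multiplexing abuse."""
    per_conn_sec = defaultdict(int)
    per_sec = defaultdict(int)
    conns = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        sec = int(rec["ts"])
        per_conn_sec[(rec["conn"], sec)] += 1
        per_sec[sec] += 1
        conns.add(rec["conn"])
    flagged = sorted({c for (c, _), n in per_conn_sec.items() if n > max_reqs_per_conn_sec})
    return {"requests": sum(per_sec.values()), "connections": len(conns),
            "peak_rps": max(per_sec.values(), default=0), "flagged_conns": flagged}
```

A connection-count limiter would see only three connections here, while the per-connection request rate isolates the one doing the multiplexing.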

The DDoS attack that lasted four hours

Only one in ten attacks like this lasts as long as an hour, and only a small percentage run longer than a few minutes, yet this DDoS attack lasted four hours, which indicates notable firepower.[4] Imperva mitigated an attack launched by a massive botnet spread across 180 countries.

The botnet responsible for the major DDoS[5] attack used 170,000 captured devices, including smart security cameras, modem routers, vulnerable servers, and poorly protected IoT devices. Some of the servers that generated malicious traffic were hosted on public clouds and with cloud security service providers. These facts indicate large-scale abuse.

This is one of the record attacks of its type and shares similarities with other record attacks, such as the DDoS attack on Cloudflare. However, it has not been disclosed whether the Mantis botnet is the same malware used in the incident that Imperva had to mitigate.

Botnet usage in major attacks

The botnet used in this attack was not named or identified by the company or by other researchers, but such botnets are often used in attacks against organizations, individuals, and groups. IoT botnets are believed to be fueling these recent DDoS attacks. The growing proliferation of such devices has allowed IoT botnets to expand and amplify DDoS attacks.

More sophisticated attacks and prolonged service outages can stall business growth and disrupt major networks, significantly affecting operations in the long run. Data breaches and ransomware attacks are still considered the major concerns, but further threats arise when these botnets are repurposed for other malicious ends.

The number of IoT devices is expected to reach 30.9 billion by 2025, and they remain a threat. These recent record DDoS attack figures show that the overall power of these botnets continues to grow. Online businesses should ensure they have proper and effective protection against botnet takeover.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
