Whether it's hacktivists conducting cyberwarfare or ransom-seeking criminals targeting vulnerable firms in financial services, retail, energy, or transportation, a new breed of destructive distributed denial of service attack - the Web DDoS Tsunami - is wreaking havoc around the world.
These attacks aren't settling for intense bursts of simple pings or flooding ports at layer 3 or layer 4.
Attack volume - The past few months have seen several attacks with request rates reaching 10 million requests per second (RPS) - a dramatic escalation.
What's more, because mitigation at L7 requires sophisticated and expensive infrastructure, these attacks are harder to stop than their lower-layer predecessors.
Attack duration - While some infamous ultra-high RPS attacks have lasted less than a minute, other recent Web DDoS Tsunami attacks have continued many hours or even days under multiple attack waves.
During a Web DDoS Tsunami, each attacking IP generates RPS levels that are similar to, higher than, or lower than the RPS levels of legitimate clients.
In some cases, attackers generate Web DDoS Tsunami attacks from a large number of botnets that generate very low RPS volumes to evade simple defenses, such as rate limiting.
Hackers conduct coordinated attacks on a single victim.
Multiple types of attacker IP addresses and high volumes of RPS can appear within a single attack, and these are exceedingly difficult to untangle.
Type of attack transactions - Hackers can structure a web DDoS HTTP request in a wide variety of ways.
In a Web DDoS Tsunami, attackers avoid easily recognized request patterns by building more complex, genuine-looking transactions.
Attackers craft realistic, legitimate-seeming transactions that contain a plausible set of query arguments, HTTP headers, User-Agent and Referer headers, web cookies, and more.
There is no simple, pre-defined signature or rule-based mechanism to mitigate attacks because the requests appear legitimate and do not indicate malicious intent.
Web DDoS Tsunami attackers use sophisticated techniques to bypass traditional application protections, and they change their attack pattern during the attack or use several attack request structures simultaneously.
When attacks are launched by several orchestrated botnets with different simultaneous strategies, you're facing millions of distinct transactions, all of which appear legitimate.
A proper defense requires an L7, behavioral-based solution that can adapt in real time, scale to a magnitude higher than an on-premises solution, and identify attacking requests without blocking legitimate traffic.
Minimize false positives - Dedicated behavioral-based algorithms quickly and accurately detect and block L7 DDoS attacks without interrupting legitimate traffic.
Prevent advanced threats and zero-day attacks - The solution should protect against a wide range of L7 DDoS threats, including smaller-scale, sophisticated attacks; new L7 attack tools and vectors; and large-scale, sophisticated Web DDoS Tsunami attacks.
Provide consistent protection - An automated, fully managed solution helps you block sophisticated attacks consistently across all applications and environments.
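As an added illustration (not from the article or from any vendor's product) of why a per-IP rate limit misses the low-RPS-per-source pattern described above while an aggregate behavioral baseline catches it, the following Python runs both checks over a constructed request log. The IP ranges, per-IP limit and deviation factor are assumptions chosen for the demo.

```python
from collections import Counter, defaultdict
from statistics import mean

def make_events():
    """Constructed request log as (second, source_ip) tuples; not real traffic.
    Seconds 0-9: 20 legitimate clients at 3 requests/second each.
    Seconds 10-14: the same clients plus 2000 bot sources at only 2 requests/second each."""
    events = []
    legit = [f"10.0.0.{i}" for i in range(20)]
    bots = [f"100.64.{b // 256}.{b % 256}" for b in range(2000)]  # constructed bot addresses
    for sec in range(15):
        for ip in legit:
            events += [(sec, ip)] * 3
        if sec >= 10:
            for ip in bots:
                events += [(sec, ip)] * 2
    return events

EVENTS = make_events()

def per_ip_rate_limit(events, limit_rps=10):
    """Simple per-IP limiter: IPs that exceed limit_rps in any single second.
    Against a low-and-slow botnet this returns nothing: every source stays under the limit."""
    per_sec = Counter(events)  # (second, ip) -> request count
    return sorted({ip for (_, ip), n in per_sec.items() if n > limit_rps})

def per_second_stats(events):
    """Aggregate view: total requests and distinct sources for each second."""
    rps, sources = Counter(), defaultdict(set)
    for sec, ip in events:
        rps[sec] += 1
        sources[sec].add(ip)
    return {sec: (rps[sec], len(sources[sec])) for sec in rps}

def behavioral_detect(events, baseline_seconds, factor=3.0):
    """Flag seconds whose total RPS or distinct-source count exceeds factor x the
    learned baseline. Per-IP rates never enter into it; the deviation is in the aggregate."""
    stats = per_second_stats(events)
    base_rps = mean(stats[s][0] for s in baseline_seconds)
    base_src = mean(stats[s][1] for s in baseline_seconds)
    return sorted(s for s, (r, u) in stats.items()
                  if r > factor * base_rps or u > factor * base_src)

def new_sources(events, flagged_seconds, baseline_seconds):
    """Sources seen only during flagged seconds: a candidate set for further scoring
    (headers, navigation pattern), not a blocklist, since a legitimate first-time
    visitor during the attack window lands here too."""
    base, flagged = set(baseline_seconds), set(flagged_seconds)
    seen_in_baseline = {ip for sec, ip in events if sec in base}
    return sorted({ip for sec, ip in events if sec in flagged} - seen_in_baseline)
```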
Protecting against Tsunami attacks isn't an easy or straightforward task.
This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Wed, 03 Jan 2024 06:43:04 +0000