On June 14, a Chinese gambling company was unlucky enough to be at the receiving end of a complex multi-vector DDoS attack that blasted over 470 gigabits per second (Gbps) and over 110 million packets per second (Mpps) at its servers.
The attack came after the company had already faced multiple 250+ Gbps attacks in the previous days. The good news is that this 470 Gbps attack only lasted four hours and was deflected by the company’s DDoS mitigation service.
Nine-vector DDoS attacks are rare
Even if short, the attack itself was extremely complex, with the crooks utilizing nine different attack vectors. Compared to data from the first quarter of 2016, nine-vector DDoS attacks are extremely rare and happen once every 500 attacks (0.2% of all attacks).
This particular attack started with a basic network-level assault meant to suffocate the network with large amounts of data. It first blasted SYN payloads, then generic TCP and UDP data packets.
From the get-go, the attack was different from all the previous attacks, throwing over 300 Gbps at its target from its initial seconds, before growing bigger to reach its peak value.
Attack evolved from network to application level
Midway through the attack, the crooks completely changed tactics. They stopped the network-level attack and shifted to an application layer DDoS, during which attackers send packets of a smaller size but in larger numbers, to occupy the memory of the receiving servers.
Incapsula, the company that was providing DDoS mitigation, said that in Q1 2016, it regularly mitigated 50+ Mpps application layer DDoS attacks every four days, and 80+ Mpps attacks every eight days. Even though this attack exceeded 110 Mpps, the company was able to mitigate the threat.
The combination of all these vectors makes this one of the most complex attacks the company has seen. In fact, Incapsula said this was the biggest DDoS attack it mitigated in terms of sheer size (470 Gbps) in its entire history.
“On a technical level we want to make clear that there isn’t much difference in mitigating 300, 400, or 500 Gbps network layer attacks,” said Incapsula’s Igal Zeifman and Ofer Gayer. “They’re similar threats, each dealt with in a similar manner. Large attack waves aren’t more dangerous than smaller ones. All you need is a bigger boat.”