As more businesses migrate critical resources and applications to the public cloud, attackers are adapting their tactics and techniques to match the scale of public cloud providers. Last week, this trend played out as reality for one of the world’s largest service providers when it was hit by a 1.1 Tbps DDoS attack (Figure 1) that lasted approximately 36 hours. Here’s how this U.S. provider’s story unfolded.

The First Wave
The clock started ticking when this U.S. service provider noticed a service impact. At first, the service provider, which serves millions of businesses worldwide, intended to mitigate the attack with its on-premises solution, as it usually does. However, when the high-volume, multi-vector attack proved too complex to handle locally, a decision was quickly made to route all traffic through Radware’s Cloud DDoS Protection Service.
Within a few minutes after the first call to Radware’s Emergency Response Team (ERT) hotline, the service provider’s assets were onboarded to Radware Cloud DDoS Protection Service and mitigation started.
During the first five hours of the attack, traffic peaked at 150 Gbps. The top attack vectors included UDP flood, UDP fragmentation flood, fragmented ACK and PSH flood, and NTP reflection (Figure 2). In a UDP flood, the attacker aims to saturate the victim’s internet pipes by sending large UDP packets to a single destination or to random ports. In a fragmented ACK and PSH flood, by contrast, the attacker sends very small packets at only a moderate packet rate, yet still consumes the target network’s bandwidth. Radware’s ERT security experts worked with the new customer to understand its normal traffic patterns and immediately applied the relevant mitigations to fully block the first wave of the attack.
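To make the vector descriptions above concrete, here is an added example (not code from the original post or from Radware) that classifies constructed flow records into the four vectors named in the first wave and ranks them by bandwidth. The record layout, the sample values and the thresholds are all assumptions for illustration.

```python
from collections import defaultdict

# Assumed flow-record layout (constructed; not Radware's format): one dict per
# aggregated flow over a fixed window. "frag" marks non-first IP fragments.
SAMPLE_FLOWS = [
    {"proto": "udp", "sport": 123,   "dport": 40311, "pkts": 200,  "bytes": 90000,  "frag": False, "flags": ""},
    {"proto": "udp", "sport": 51234, "dport": 8080,  "pkts": 50,   "bytes": 70000,  "frag": False, "flags": ""},
    {"proto": "udp", "sport": 0,     "dport": 0,     "pkts": 300,  "bytes": 420000, "frag": True,  "flags": ""},
    {"proto": "tcp", "sport": 44000, "dport": 443,   "pkts": 5000, "bytes": 200000, "frag": False, "flags": "AP"},
    {"proto": "tcp", "sport": 44001, "dport": 443,   "pkts": 4000, "bytes": 160000, "frag": False, "flags": "A"},
    {"proto": "tcp", "sport": 55000, "dport": 443,   "pkts": 20,   "bytes": 12000,  "frag": False, "flags": "AP"},
]

# Illustrative thresholds (assumptions; tune them against the network's own baseline).
NTP_PORT = 123
NTP_REPLY_BYTES = 90        # a normal NTP reply is roughly 90 bytes on the wire
LARGE_UDP_BYTES = 1000      # avg bytes/packet that counts as a "large packet" UDP flood
SMALL_TCP_BYTES = 60        # avg bytes/packet that counts as a tiny ACK/PSH packet
FLOOD_PKTS = 1000           # packets per window that count as a flood

def classify(flow):
    """Map one flow record to the vector it most resembles, or 'normal'."""
    avg = flow["bytes"] / flow["pkts"]
    if flow["proto"] == "udp":
        if flow["frag"]:                      # fragments that never reassemble
            return "udp_fragmentation_flood"
        if flow["sport"] == NTP_PORT and avg > 4 * NTP_REPLY_BYTES:
            return "ntp_reflection"           # replies far larger than a real NTP answer
        if avg >= LARGE_UDP_BYTES:
            return "udp_flood"                # big UDP packets saturating the pipe
    if (flow["proto"] == "tcp" and "A" in flow["flags"]
            and avg <= SMALL_TCP_BYTES and flow["pkts"] >= FLOOD_PKTS):
        return "ack_psh_flood"                # tiny ACK/PSH packets at a high rate
    return "normal"

def summarize(flows, window_s=1):
    """Aggregate packets and bits per second for each detected vector."""
    totals = defaultdict(lambda: {"pkts": 0, "bps": 0})
    for flow in flows:
        vec = classify(flow)
        totals[vec]["pkts"] += flow["pkts"]
        totals[vec]["bps"] += flow["bytes"] * 8 // window_s
    return dict(totals)

def top_vectors(flows, window_s=1):
    """Attack vectors ranked by bandwidth, highest first (normal traffic excluded)."""
    summary = summarize(flows, window_s)
    return sorted((v for v in summary if v != "normal"),
                  key=lambda v: summary[v]["bps"], reverse=True)
```

On the constructed records the fragmentation flood ranks first by bandwidth while the ACK/PSH flood ranks first by packet count, which is why both per-packet size and packet rate feed the classification.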

The Second Wave
Six hours into the incident, the second wave of the attack began, with traffic peaking at over 300 Gbps. Based on evidence gathered, primarily from indicators of compromise, the attack traffic appeared to originate mostly from Japan, the United States, Taiwan, and South Korea (Figure 3).

The attack continued unrelentingly: roughly 150 Gbps of traffic aimed at disrupting the provider’s service persisted for another three hours before peaking at 1.1 Tbps.
The barrage of attack traffic was fully mitigated using the capacity of only four of the scrubbing centers in Radware’s global network, located in the United States and EMEA (Figure 4).

Post Peak
Post peak, approximately 800 Gbps of attack traffic continued for more than nine hours until the attacker’s resources were exhausted by Radware’s Cloud DDoS Protection mitigation and ERT experts.
As of the time of this blog, no hacktivist organization has assumed responsibility for the attack.
Is this just the beginning?
It is impossible to ignore the wave of hyper-volumetric DDoS attacks recorded in 2022. While 2021 saw only a few 1 Tbps attacks, attacks of 1 Tbps and more are becoming a new reality this year.
As bandwidth and resources increase for legitimate businesses, they also increase for threat actors. It is reasonable to assume that bad actors can scale as fast and as high as their targets. Organizations need to be aware that DDoS attacks are part of their threat landscape, irrespective of geography or industry.
Radware’s Cloud DDoS Protection Services protect organizations of all sizes across a wide variety of sectors, ranging from education, e-commerce, retail, and global financial services to governments worldwide and leading service providers and carriers. It is safe to say that no organization, regardless of what it does or where it is located, is immune from attack.
Just curious, is the target Russian government or associated with Russian government site?
If yes, helping to protect them is immoral.
I hope you continue to have valuable articles like this or more to share with everyone!
A successful hybrid cloud strategy balances risk mitigation with operational efficiency so that your organization can remain agile while keeping data secure.
In order for your firm to stay flexible while maintaining data security, a good hybrid cloud strategy strikes a balance between risk reduction and operational effectiveness.
I hope you’ll keep writing insightful posts like this one and others for everyone to read!
This post is exactly what I’m looking for. It’s dangerous to be attacked by radware.
I am surprised about this post. It has a nice presentation and a clear layout, and the information is meaningful to me.
I kind of think an upgrade has been made before.
Love this! Glad I was able to check this site out.
I kind of liked this tech and this integration with radware. Thanks a lot for posting this in here.
Love the analysis! Glad you put the figures too so we can understand it easily.
A strong hybrid cloud strategy finds a balance between risk reduction and operational effectiveness to allow your company to remain adaptable while preserving data protection.
Awesome post you shared here.
Thank you for always sharing here an informative article.
Actually, this information is very useful, because I learned a lot from this. It helped me a lot. I hope to have many more entries or so from you.