It seems like distributed denial-of-service (DDoS) attacks are destined to remain in the news cycle. They've brought down popular websites like Twitter, caused problems for game developers like Blizzard, and threatened national security. These attacks usually follow a familiar pattern: bots flood a service's infrastructure until it can't withstand the traffic, disrupt the service for as long as possible, and then move on to the next target.
Imperva has discovered a new "pulse wave" attack. Instead of gradually increasing the number of bots targeting a service until the infrastructure crumbles, a massive number of bots quickly overwhelms the servers, retreats just as fast, and then returns when things start to get back to normal. The company said this method would allow someone to conduct DDoS attacks on multiple targets simultaneously instead of focusing on just one.
In a blog post, Imperva said the attackers were able to mobilize a 300Gbps botnet in just a few seconds, then scale back that traffic just as quickly. This led the company to believe the botnet was operating at full capacity all the time and merely switching targets as needed. That way the attacker doesn't have to gradually mobilize the botnet for a single target and can instead attack multiple services with little to no downtime.
This type of attack is said to be particularly effective against "appliance first, cloud second" DDoS attack mitigation solutions. Imperva explained:
A pulse wave attack, having no ramp-up time, represents a worst case scenario for any network defended by such hybrids. As soon as the first pulse hits, it immediately congests the traffic pipe—cutting off the network’s ability to communicate with the outside world. This not only results in a denial of service, but also prevents the mitigation appliance from activating the cloud scrubbing platform. [...] For the pulse duration, the entire network shuts down completely. By the time it recovers, another pulse shuts it down again, ad nauseam.
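The two properties described above, no ramp-up and pulses that recur, are what separate this pattern from a conventional flood in traffic telemetry. The following is an added example, not code from Imperva or from this article: it classifies a per-second inbound rate series, and the threshold, rise-time limit, spacing tolerance and sample series are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Burst:
    start: int    # index (seconds) of the first sample above the threshold
    end: int      # index of the last sample above the threshold
    peak: float   # highest rate seen in the burst
    rise_s: int   # seconds from burst start until 90% of peak is reached

def find_bursts(rates, threshold):
    """Split a per-second rate series into contiguous runs above threshold."""
    bursts, start = [], None
    for i, r in enumerate(list(rates) + [0.0]):  # sentinel closes a trailing burst
        if r > threshold and start is None:
            start = i
        elif r <= threshold and start is not None:
            seg = rates[start:i]
            peak = max(seg)
            rise = next(k for k, v in enumerate(seg) if v >= 0.9 * peak)
            bursts.append(Burst(start, i - 1, peak, rise))
            start = None
    return bursts

def classify(rates, threshold, max_rise_s=3, min_pulses=3, jitter=0.25):
    """Return 'pulse-wave', 'ramp-up', 'burst' or 'normal' for a rate series."""
    bursts = find_bursts(rates, threshold)
    if not bursts:
        return "normal"
    fast = [b for b in bursts if b.rise_s <= max_rise_s]
    if len(fast) >= min_pulses:
        # Pulses that recur at a near-constant interval suggest a botnet
        # being switched between targets on a schedule.
        gaps = [b.start - a.start for a, b in zip(fast, fast[1:])]
        mean = sum(gaps) / len(gaps)
        if all(abs(g - mean) <= jitter * mean for g in gaps):
            return "pulse-wave"
    if any(b.rise_s > max_rise_s for b in bursts):
        return "ramp-up"
    return "burst"

# Constructed sample series in Gbps, one sample per second (not real captures).
PULSE = ([2.0] * 20 + [300.0] * 10) * 4 + [2.0] * 20   # instant peaks every 30 s
RAMP = [2.0] * 10 + [2.0 + 5 * i for i in range(60)] + [300.0] * 30
QUIET = [2.0] * 100

if __name__ == "__main__":
    for name, series in (("pulse", PULSE), ("ramp", RAMP), ("quiet", QUIET)):
        print(name, classify(series, threshold=50.0))
```

The telemetry feeding such a check has to come from outside the congested link, for example from the upstream provider, because during a pulse the on-premises appliance cannot report out.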
Imperva said these pulse wave attacks have targeted gaming and financial technology ("fintech") companies over the last few months. These are high-value targets, but the company said it expects this type of attack to trickle down to lower-priority victims as attackers realize they can accomplish twice as much with the same number of bots. (Many DDoS attacks are conducted by people paid to target a particular service.)
DDoS attacks were already irksome (from the consumer's perspective) and devastating (from the service provider's) enough. If more attackers find ways to improve their botnet's efficiency, chances are good that you'll have an even harder time streaming music or playing Final Fantasy XIV or doing pretty much anything else that requires an internet connection. Check out Imperva's whitepaper on these attacks for more info.