Keep calm and mitigate: how one of the biggest DDoS attacks ever…had absolutely no effect


When it comes to the battles waged between enterprising cybercriminals and the security firms dedicated to stopping them, wily cat-and-mouse games tend to come to mind. High-stakes chess matches. Virtual bobbing and weaving and non-stop strategy. And certainly, that’s often the case.

But sometimes it’s not like that at all. Once in a great while a group of attackers decides to throw everything they have at a target and the security firm tasked with protecting that target has no choice but to meet brute force with brute force, to swing a mallet back at a baseball bat. Like in the case of the massive 470 Gbps DDoS attack that ran into a bigger beast.

The dangers of DDoS

A DDoS attack is otherwise known as a distributed denial of service attack, one of the most common and devastating online attacks in existence. A DDoS attack uses botnets consisting of a number of compromised internet-connected devices to hit a target with a large amount of malicious traffic with the goal of taking it offline or slowing it down enough that it’s unusable.

Some of the consequences of a successful distributed denial of service attack are immediate. While a website is down, it’s not getting traffic and it’s not making sales. But a DDoS attack can also have a ripple effect on users. If they can’t use a website, they get frustrated, possibly abandoning the site in favor of a competitor. Furthermore, when users find out the outage was caused by a DDoS attack it can lead to a loss of trust, especially since DDoS attacks are often used as smokescreens for the theft of confidential data, including users’ personal and financial information. Distributed denial of service attacks are also commonly linked to hardware and software damage.

Those at risk

With the proliferation of DDoS-for-hire services and DDoS ransom notes, nearly every website is now at risk of falling victim to a DDoS attack. Some industries are more targeted than others, however, and those industries aren’t being hit by script kiddies looking to make a few bucks. Online gaming, online gambling and banking companies are routinely targeted by major attackers looking to do major damage, either for competitive advantage, theft of confidential information, or to gain internet infamy when angry users lose their minds on social media.

The good news for companies in those industries is that they’ve been wearing those big bull’s-eyes for years, and forewarned is forearmed. Just ask the Chinese gambling company that would have been walloped in June if it hadn’t had industry-leading distributed denial of service protection.

The storms before the storm

For the gambling company, the week leading up to June 14th was marked by daily DDoS assaults. This isn’t necessarily out of the ordinary for a gambling company, but these already large-scale assaults were ramping up to something big: a network layer distributed denial of service attack that from its first second reached over 250 Gbps.

A network layer attack of this size is big enough to take down any website without DDoS mitigation as well as many websites with professional mitigation, as many mitigation services don’t have the bandwidth available to deal with an assault of this size. Luckily for the gambling company, they had invested in Imperva Incapsula’s DDoS protection, and were in a good position when they found themselves under DDoS attack. While this four-hour attack that peaked at 470 Gbps was the biggest Incapsula has ever mitigated, they did so without any of the gambling company’s users ever even realizing anything was happening.

Big problem, Behemoth solution

In order to keep the gambling company’s users as well as all of the millions of users moving through the Incapsula network unaffected by the DDoS attack, the Incapsula team anycasted the malicious traffic to 21 of their most powerful data centers. Once the traffic was spread out it was routed through the Behemoth scrubbing servers in each data center, all 21 of which can handle up to 170 Gbps and 100 Mpps with no lag whatsoever. Using deep packet inspection, the Behemoth scrubbers identified the malicious traffic and filtered it out, never allowing it to reach the target’s network.

There was immense intelligence and strategy that went into mitigating this attack, of course, with the Behemoth servers adjusting their filtering algorithms every time the attackers tried to switch vectors or patterns to fool them. But when it comes right down to it, Incapsula won because its mitigation infrastructure was bigger and badder than one of the largest distributed denial of service attacks the internet has ever seen.

Finesse is a wonderful thing, especially when it comes to fighting DDoS attacks. But sometimes, when attackers are launching everything they’ve got, you simply need a service that can flex more muscle.
