
DDoS Attacks and Mitigation

A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. According to Verizon’s 2017 Data Breach Investigations Report (DBIR), 98% of all DDoS attacks are targeted at large organizations, and while the least lucky organizations deal with a constant barrage all year, most of these attacks stop after a few days.

According to analysis done by Verisign, attacks decreased by 23% in Q1 2017. While Verisign saw a decrease in the actual number of attacks, it did observe higher volume. The largest volumetric and highest intensity DDoS attack observed by Verisign in Q1 2017 was a multi-vector attack that peaked at over 120 Gbps and around 90 million packets per second. This attack sent a flood of traffic to the targeted network in excess of 60 Gbps for more than 15 hours. According to signatures collected from the attack, it was said to have used the Mirai botnet.

Mirai, which is Japanese for “The Future”, is a botnet first found in August of 2016. Mirai scans the internet for Internet of Things (IoT) devices like IP cameras and home routers, tries to log in using a table of more than 60 common factory default usernames and passwords, and infects any device it can log in to. Infected devices continue to function normally, except for occasional sluggishness and increased bandwidth use, so it is difficult for a normal home user to notice or identify an infection. Upon infection, Mirai identifies “competing” malware, removes it from memory, and blocks remote administration ports, essentially closing the door behind it. Infected devices monitor a command and control (C&C) server for instructions on intended targets.
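A defender's view of the scanning behaviour described above, as an added example that is not part of the original article: it flags LAN devices that send unanswered connection attempts to many distinct outside addresses. The telnet ports (23 and 2323), the LAN range, the threshold and the flow-record layout are assumptions, and the sample records are constructed.

```python
"""Flag LAN hosts whose outbound traffic looks like Mirai-style scanning."""
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23, 2323}  # assumption: ports Mirai's scanner is known to probe
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: local network range
FANOUT_THRESHOLD = 20      # assumption: distinct outside targets per window
WINDOW_SECONDS = 60        # fixed (non-sliding) windows keep the logic simple


def find_scanners(flows, lan=LAN, threshold=FANOUT_THRESHOLD,
                  window=WINDOW_SECONDS):
    """Return {src_ip: most distinct outside telnet targets in any one window}.

    flows: iterable of (epoch_seconds, src, dst, dport, syn_only) tuples,
    where syn_only is True when the handshake never completed.
    """
    buckets = defaultdict(set)  # (src, window index) -> destinations seen
    for ts, src, dst, dport, syn_only in flows:
        if dport not in TELNET_PORTS or not syn_only:
            continue  # normal traffic, or an established telnet session
        if ipaddress.ip_address(src) not in lan:
            continue  # only our own devices are being assessed
        if ipaddress.ip_address(dst) in lan:
            continue  # LAN-internal management traffic is out of scope
        buckets[(src, int(ts) // window)].add(dst)
    worst = defaultdict(int)
    for (src, _), dsts in buckets.items():
        worst[src] = max(worst[src], len(dsts))
    return {src: n for src, n in worst.items() if n >= threshold}


def constructed_flows():
    """Constructed sample: an IP camera sweeping telnet, a laptop browsing."""
    flows = []
    for i in range(40):  # camera: 40 distinct targets inside one window
        port = 2323 if i % 10 == 0 else 23
        flows.append((1200 + i, "192.168.1.50", f"203.0.113.{i + 1}", port, True))
    for i in range(40):  # laptop: repeated HTTPS to three servers
        flows.append((1200 + i, "192.168.1.20", f"198.51.100.{i % 3 + 1}", 443, False))
    # laptop: one completed telnet session, which must not be flagged
    flows.append((1205, "192.168.1.20", "198.51.100.9", 23, False))
    return flows


if __name__ == "__main__":
    for host, count in find_scanners(constructed_flows()).items():
        print(f"{host}: {count} distinct outside telnet targets in one window")
```

A flagged host is a lead for investigation rather than proof of infection; pair it with the bandwidth increase mentioned above before isolating the device.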

Mirai was used in the 2016 DDoS attack on Brian Krebs’s website, “Krebs on Security”, which reportedly reached 620 Gbit/s. Ars Technica also reported a 1 Tbit/s attack on French web host OVH. On October 21st, 2016, multiple major DDoS attacks on the DNS services of DNS service provider Dyn occurred using Mirai malware, resulting in the inaccessibility of several high-profile websites such as GitHub, Twitter, Reddit, Netflix, Airbnb and many others.

Make sure that you’re better equipped to handle these attacks by contacting Thrive today. There’s no need to feel alone in the security world; let our highly trained professionals assist with mitigation technologies and help protect against bulk volumetric, layer 7 application, and SSL/HTTPS DDoS attacks.