Leet Botnet Rivals Mirai With 650 Gbps DDoS Attack On CDN And Security Service Provider Incapsula
With ten days to go before 2016 is in the rear view mirror (along with all of the celebrities it took), Incapsula found itself mitigating a DDoS attack that peaked at 650 gigabits per second, which is about 30Gbps more than the one that targeted the popular security blog KrebsOnSecurity in September. That incident caused the site's cloud service provider Akamai to no longer offer the blog's owner, Brian Krebs, free service.
In this case, the attack started at around 10:55 AM on December 21 and targeted several IPs in Incapsula's network. The CDN surmises that the attacker was not able to resolve the IP address of his intended victim, which was masked by Incapsula's proxies, so he turned his attention to the CDN instead.
The first attack lasted about 20 minutes and peaked at 400Gbps. After that failed to "make a dent," the attacker regrouped for another round and pelted the CDN with a larger botnet capable of generating 650Gbps of traffic and 150 million packets per second. That assault lasted 17 minutes and was "easily countered" as well.
"This was a fitting end to a year of huge DDoS assaults, nasty new malware types and massive IoT botnets. What’s more, it showed exactly where things are heading next on the DDoS front. Spoiler alert: it’s about to get a lot worse," Incapsula stated.
Mirai alone was responsible for a 71 percent surge in global DDoS attacks, according to a recent report by Akamai. This is a problem that will grow even larger until device makers and consumers do a better job securing IoT devices.