Massive traffic attack: botnet-powered Layer 7 HTTP flood
Previously 'only-theoretical' attack made real; impact consumes server resources to make websites implode
Content delivery network company CloudFlare has surfaced what appears to be a very potent Distributed Denial-of-Service (DDoS) attack. The specific occurrence is said to have involved mobile advertisements capable of generating around 275,000 HTTP requests per second.
The unnamed victim was subjected to what is known as a Layer 7 HTTP flood attack. Security specialist Sucuri describes this as a type of DDoS attack made to overload specific parts of a site or server.
According to Sucuri, “They are complex and they are hard to detect because the requests they send look like legitimate traffic. These requests consume the server's resources and make the site go down. Layer 7 HTTP flood attacks can also be sent by bots, increasing the attack's power.”
CloudFlare itself says that servers are constantly being targeted by DDoS attacks and that it typically sees everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets as a part of normal business.
“Since an efficient distribution vector is crucial in issuing large floods, up until now I haven't seen many sizable browser-based floods,” said Majkowski.
Plausible distribution vector
Speaking to SCMagazineUK.com in connection with this story today was Dave Larson, CTO at Corero Network Security. “What we are seeing here is the next evolution in DDoS attack techniques – taking advantage of a new vector to target and impact victims,” he said.
“With significant DDoS threats emerging that leverage mobile devices, it is incumbent on mobile operators to begin to deploy protection to address the problem within their networks,” he added.
This attack is an example of how automation is changing the face of cyber-attacks, says Adrian Crawley, Radware's regional director for Northern Europe. “Anyone doubting this reality should consider that we've seen a more than 300 percent increase in organisations under constant cyber-attack, a sure indication that attacks now come from tireless machines,” he said.
“For those wondering how the security community should respond, the answer may well be an ‘if you can't beat them, join them’ approach where the same degree of automation is implemented into security management,” he added.
“We've reached a ‘my good bot against your bad bot’ state in security.”
News of this DDoS attack comes on the back of a new cyber-security survey which suggests that an overwhelming majority of cyber-security experts (87 percent) believe that mobile payment-related data breaches will increase over the next 12 months. The 2015 Mobile Payment Security Study was conducted by ISACA, which has published summary findings.