
Imperva mitigated long-lasting, 25.3 billion request DDoS attack



    Internet security company Imperva has announced that its DDoS (distributed denial of service) mitigation solution has set a new record, defending against a single attack that sent over 25.3 billion requests to one of its customers.

    The target was a Chinese telecommunications service provider that is often at the receiving end of unusually large-volume DDoS attacks.

    The DDoS attack unfolded on June 27, 2022, peaking at 3.9 million requests per second (RPS) and averaging 1.8 million RPS.

    While this pales in comparison with the record-breaking attack that Cloudflare mitigated in June, which peaked at 26 million RPS, the duration of the attack in Imperva’s case was unusually long.

    Attacks peaking above one million RPS typically last between several seconds and a few minutes, but the one Imperva mitigated lasted over four hours.

    [Figure: RPS over time diagram (Imperva)]

    “The attack started at 3.1M RPS, and maintained a rate of around 3M RPS. Once the attack peaked at 3.9M RPS, the attack lowered for several minutes but returned to full strength for another hour,” Imperva explains.

    According to the company, only about one in ten DDoS attacks lasts for over an hour, and an even smaller share sustains notable firepower for that long.

    Global botnet

    The DDoS attack that Imperva mitigated was launched by a massive botnet spread across 180 countries, with most IP addresses located in the U.S., Brazil, and Indonesia.

    [Figure: Heatmap of DDoS swarm locations (Imperva)]

    The botnet used 170,000 compromised devices, including modem routers, smart security cameras, vulnerable servers, and poorly protected IoT devices.

    Imperva notes that some of the servers from which the malicious traffic originated are hosted by public cloud and cloud security service providers, indicating large-scale abuse of those services.

    While the botnet wasn’t named or identified, it doesn’t appear to be “Mantis,” which was responsible for Cloudflare’s DDoS mitigation record in the summer.

    Cloudflare says that Mantis relies on a smaller number of devices, just over five thousand, focusing mainly on enlisting powerful servers and virtual machines.

    The number of devices used against Imperva’s client is closer to the estimates for Mēris, the botnet responsible for the previous DDoS record of 21.8 million RPS. Researchers have estimated the Mēris swarm to encompass between 30,000 and 250,000 devices.

    Still, both Mēris and Mantis have previously delivered quick blows in short-burst attacks, not multi-hour DDoS attacks, so this might be a novel, not-yet-identified botnet.
