On June 14, Imperva mitigated a 470 gigabits per second (Gbps) DDoS attack targeting a Chinese gambling company. The attack lasted over four hours and is without a doubt one of the largest assaults on record to date, if not the largest.
While the assault lacked the craftiness of DDoS threats Imperva has previously witnessed, it was significantly complex by network layer standards, relying on a mix of nine different payload (packet) types. Such nine-vector assaults are very rare in our experience. Putting things in perspective, in Q1 2016 they accounted for no more than 0.2% of all network layer DDoS attacks against our clients. Usually a perpetrator's goal in using multi-vector attacks is to switch between different payload types in an attempt to bypass a mitigation service. So it was in this case when, midway through, the perpetrators changed their approach, using smaller payloads to increase the assault's packets-per-second (pps) rate.
The attack follows Imperva's blog post from May, which revealed that a China-based lottery website was the target of an HTTP POST flood attack that peaked at a substantially high rate of 163,000 requests per second (RPS).
Does this mean these huge attacks are set to become the new norm?