Online gambling site hit by five-vector DDoS attack peaking at 100Gbps

Share this article:
Online gambling site hit by five-vector DDoS attack peaking at 100Gbps
Incapsula fought off a five-vector DDoS attack against an online gambling site on Friday that peaked at 100 Gbps.

On Friday, cloud-based security services provider Incapsula fought off a 100 gigabits per second (Gbps) distributed denial-of-service (DDoS) attack against an online gambling website that utilized more than five DDoS attack vectors.

The vectors used in the DDoS attack included a SYN flood, Large SYN flood, NTP amplification, DNS flood, and DNS amplification, Marc Gaffan, chief business officer and cofounder of Incapusla, told in a Tuesday email correspondence.

In terms of bandwidth consumption, the DNS flood made up 75 percent of malicious traffic, while the Large SYN flood was responsible for about 20 percent, Gaffan said, adding the other attacks were used mostly as types of smoke screens.

“Dealing with such network attacks requires extensive across-the-board over-provisioning – not only large network pipes, but also large CPU and memory reserves as well as a resilient DNS infrastructure,” Gaffan said.

Gaffan could not reveal the identity of the targeted gambling website, but he explained that on Friday, the five-vector DDoS attack peaked at about 100 Gbps and lasted for longer than 24 hours. Incapsula was unable to determine the location of the attackers because they here hiding behind spoofed IP addresses, Gaffan added.

Multi-vector DDoS attacks are not anything new, but still, attacks involving four or more vectors are fairly uncommon.

In a DDoS Threat Landscape report published in March, Incapsula determined that 81 percent of DDoS attacks were multi-vector, while only 19 percent were single-vector. Breaking it down further, 41.3 percent of attacks used two vectors, 32.1 percent used three vectors, 4.2 percent used four vectors, and only 3.4 percent used five vectors.

“Multi-vector events are becoming more and more common, and for good reason,” Gaffan said. “With the evolution of DDoS protection services, attackers are also stepping up their game, using larger and more sophisticated DDoS threats that are specifically designed to identify and exploit security flaws in protected Internet infrastructures.”

Share this article:

Sign up to our newsletters

More in News

Community Health Systems faces lawsuit related to data breach

The suit claims the hospital operator failed to meet security standards to protect the personal information belonging to patients.

Norwegian oil companies targeted in string of attacks

More than 300 companies are being warned to check their systems after at least 50 oil companies confirmed that their systems were attacked.

Possible payment card breach at Dairy Queen stores

Several financial institutions are reporting payment card fraud activity on credit and debit cards used at various Dairy Queen stores around the country, according to Brian Krebs.