
Online gambling site hit by five-vector DDoS attack peaking at 100Gbps


On Friday, cloud-based security services provider Incapsula fought off a 100 gigabits per second (Gbps) distributed denial-of-service (DDoS) attack against an online gambling website that utilized more than five DDoS attack vectors.

The vectors used in the DDoS attack included a SYN flood, Large SYN flood, NTP amplification, DNS flood, and DNS amplification, Marc Gaffan, chief business officer and cofounder of Incapsula, said in a Tuesday email correspondence.

In terms of bandwidth consumption, the DNS flood made up 75 percent of malicious traffic, while the Large SYN flood was responsible for about 20 percent, Gaffan said, adding the other attacks were used mostly as types of smoke screens.

“Dealing with such network attacks requires extensive across-the-board over-provisioning – not only large network pipes, but also large CPU and memory reserves as well as a resilient DNS infrastructure,” Gaffan said.

Gaffan could not reveal the identity of the targeted gambling website, but he explained that on Friday, the five-vector DDoS attack peaked at about 100 Gbps and lasted for longer than 24 hours. Incapsula was unable to determine the location of the attackers because they were hiding behind spoofed IP addresses, Gaffan added.

Multi-vector DDoS attacks are not anything new, but still, attacks involving four or more vectors are fairly uncommon.

In a DDoS Threat Landscape report published in March, Incapsula determined that 81 percent of DDoS attacks were multi-vector, while only 19 percent were single-vector. Breaking it down further, 41.3 percent of attacks used two vectors, 32.1 percent used three vectors, 4.2 percent used four vectors, and only 3.4 percent used five vectors.

“Multi-vector events are becoming more and more common, and for good reason,” Gaffan said. “With the evolution of DDoS protection services, attackers are also stepping up their game, using larger and more sophisticated DDoS threats that are specifically designed to identify and exploit security flaws in protected Internet infrastructures.”
