August 18, 2017

‘Pulse Wave’ – A New Form of DDoS Attack

Researchers at DDoS mitigation firm Imperva Incapsula have uncovered a new form of DDoS attack named Pulse Wave, which sees attackers take down servers previously thought to be secured by mitigation solutions.

Botnet-led DDoS attacks have normally followed a trend where traffic builds up before a peak is reached, after which a sudden or a gradual drop occurs. In other words, the build-up to a substantial DDoS attack takes time, as bots band together gradually.

However, the new “pulse wave” pattern sees a massive number of bots instantaneously target and overwhelm a server or website before retreating just as quickly, then going from zero to maximum again. This method would allow an attacker to conduct DDoS attacks on multiple targets at the same time, rather than focusing on just one.

Researchers observed one particular DDoS stream where attackers were able to mobilize a 300Gbps botnet in a matter of seconds before scaling back that traffic just as quickly. With such an attack, researchers speculated that the botnet doesn’t shut down during the attack’s relatively short downtime period. Instead, the botnet switches to a different target, before switching back to the first target again to execute a quick pulse wave cycle. This carries on, over and over again, with multiple targets.

“This, coupled with the accurate persistence in which the pulses reoccurred, painted a picture of very skilled bad actors exhibiting a high measure of control over their attack resources,” Incapsula researchers added.

Explaining the attack further, researchers wrote:

A pulse wave attack, having no ramp-up time, represents a worst-case scenario for any network defended by such hybrids. As soon as the first pulse hits, it immediately congests the traffic pipe—cutting off the network’s ability to communicate with the outside world. This not only results in a denial of service, but also prevents the mitigation appliance from activating the cloud scrubbing platform. […] For the pulse duration, the entire network shuts down completely. By the time it recovers, another pulse shuts it down again, ad nauseam.

Experts further note that this new form of DDoS attack could prove tricky for “hybrid” mitigation solutions and is bound to gain prominence among botnet herders because of its unpredictable attack patterns. Hybrid solutions are a mixture of hardware defenses and cloud-based solutions.

A typical mitigated attack would see the hardware trigger a cloud-based DDoS defense at the time of an attack. However, a pulse attack would effectively see the local equipment flooded in a matter of seconds, leaving it vulnerable and weak – without the required bandwidth – to call for its cloud-based cousin.
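
As an added illustration (not from Incapsula's research or the original article), the following Python example classifies a per-second traffic trace as a gradual ramp-up or a pulse wave, using the two traits described above: no ramp-up time and pulses recurring at regular intervals. The traces are constructed, and the function names and thresholds are assumptions chosen for the example.

```python
from statistics import mean, pstdev

# Constructed per-second inbound traffic in Gbps (not captured data).
PULSE = ([1.0] * 10 + [300.0] * 5) * 4            # instant 300 Gbps bursts every 15 s
CLASSIC = [1.0] * 5 + [float(g) for g in range(10, 310, 10)] + [300.0] * 10 + [1.0] * 5


def find_bursts(gbps, floor):
    """Return (start, end) index pairs for runs of samples at or above `floor`."""
    bursts, start = [], None
    for i, rate in enumerate(gbps):
        if rate >= floor and start is None:
            start = i
        elif rate < floor and start is not None:
            bursts.append((start, i - 1))
            start = None
    if start is not None:
        bursts.append((start, len(gbps) - 1))
    return bursts


def ramp_seconds(gbps, burst, frac=0.9):
    """Seconds from burst onset until traffic first reaches `frac` of that burst's peak."""
    start, end = burst
    peak = max(gbps[start:end + 1])
    return next(i - start for i in range(start, end + 1) if gbps[i] >= frac * peak)


def classify(gbps, floor=10.0, max_ramp=2, max_jitter=0.2):
    """Label a trace; floor, max_ramp and max_jitter are illustrative assumptions."""
    bursts = find_bursts(gbps, floor)
    if not bursts:
        return "none"
    if max(ramp_seconds(gbps, b) for b in bursts) > max_ramp:
        return "ramp-up"                      # classic gradual build-up
    onsets = [start for start, _ in bursts]
    periods = [b - a for a, b in zip(onsets, onsets[1:])]
    # Pulse wave: repeated instant-on bursts recurring at a near-constant interval.
    if len(periods) >= 2 and pstdev(periods) / mean(periods) <= max_jitter:
        return "pulse-wave"
    return "isolated-burst"


if __name__ == "__main__":
    for name, trace in (("pulse", PULSE), ("classic", CLASSIC)):
        print(name, classify(trace), find_bursts(trace, 10.0))
```

Because the first pulse saturates the link within seconds, a classifier like this is only useful on telemetry collected where the traffic can still be seen, which is the same constraint the hybrid appliance faces when it tries to call for cloud scrubbing.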

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
