August 18, 2017 by

‘Pulse Wave’ – A New Form of DDoS Attack

Researchers at DDoS mitigation firm Imperva Incapsula have uncovered a new form of DDoS attack named Pulse Wave, which sees attackers take down servers previously thought to be secured by mitigation solutions.

Botnet-led DDoS attacks have normally followed a trend where traffic builds up before a peak is reached, after which a sudden or a gradual drop occurs. In other words, the build up to a substantial DDoS attack takes time, as bots take time to band together gradually.

However, a new “pulse wave” pattern of attack has shown that a massive number of bots instantaneously target and overwhelm a targeted server or website before retreating just as quickly, prior to going from zero to maximum again. This method would allow an attacker to conduct DDoS attacks on multiple attacks at the same time, rather than focusing on just one.

Researchers observed one particular DDoS stream where attackers were able to mobilize a 300Gbps botnet in a matter of seconds before scaling back that traffic in equally quick time. With such an attack, researchers speculated that the botnet doesn’t shut down during the attack’s relatively short downtime period. Instead, the botnet switches back to a different target, before switching back to the first target again to execute a quick pulse wave cycle. This carries on, over and over again with multiple targets.

“This, coupled with the accurate persistence in which the pulses reoccurred, painted a picture of very skilled bad actors exhibiting a high measure of control over their attack resources,” Incapsula researchers added.

Explaining the attack further, researchers wrote:

A pulse wave attack, having no ramp-up time, represents a worst-case scenario for any network defended by such hybrids. As soon as the first pulse hits, it immediately congests the traffic pipe—cutting off the network’s ability to communicate with the outside world. This not only results in a denial of service, but also prevents the mitigation appliance from activating the cloud scrubbing platform. […] For the pulse duration, the entire network shuts down completely. By the time it recovers, another pulse shuts it down again, ad nauseam.

Experts further note that this new form of DDoS attack could prove tricky for “hybrid” mitigation solutions and are bound to gain prominence to botnet herders because of its unpredictable attack patterns. Hybrid solutions are a mixture of hardware defenses and cloud-based solutions.

A typical mitigated attack would see the hardware trigger a cloud-based DDoS defense at the time of an attack. However, a pulse attack would effectively see the local equipment flooded in a matter of seconds, leaving it vulnerable and weak – without the required bandwidth – to call for its cloud-based cousin.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

New Ransomware ‘Spider’ Threatens Wipeout in 96 Hours

A new strain of ransomware discovered by security researchers encrypts files and gives victims a...

Read more arrow_forward

Security Researchers Discover Trove of 1.4 Billion Credentials

Security researchers at dark web monitoring firm 4iQ have stumbled upon a massive 41GB data file of...

Read more arrow_forward

Gartner Research: Cybersecurity Spending to Hit $96 Billion in 2018

Gartner has predicted worldwide security spending to increase by 8% in 2018 to hit a staggering $96...

Read more arrow_forward