Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Imperva blocked the largest Layer 7 DDoS attack it has ever seen

Researchers at Imperva revealed that an undisclosed streaming service was hit by a massive DDoS attack that stopped it for 13 days. An undisclosed streaming service was hit by a 13‑day DDoS massive attack powered by a Mirai botnet composed of 402,000 IoT devices. Imperva confirmed that its systems were able to repel the attack […]

DDoS attack layer-7-1

Researchers at Imperva revealed that an undisclosed streaming service was hit by a massive DDoS attack that stopped it for 13 days.

An undisclosed streaming service was hit by a 13‑day DDoS massive attack powered by a Mirai botnet composed of 402,000 IoT devices.

Imperva confirmed that its systems were able to repel the attack and the service remained up and running during the DDoS attack.

“Targeting the authentication component of your site, this DDoS attack was led by a coordinating 402,000 different IPs, lasted 13 days and directed a peak flow of 292,000 RPS (Requests Per Second). Such a massive attack is more than possible — one of our CDN customers in the entertainment industry was hit by one earlier this spring.” reads the blog post published by Imperva.

According to Imperva, it was the largest Layer 7 DDoS attack it has ever seen.

DDoS attack layer-7-1

The attack occurred between April and early May, it was an application layer DDoS attack that generated more than 100,000 HTTP requests per second (RPS), peaking at 292,000 RPS. The attackers used a legitimate User-Agent widely used by the entertainment industry customer service application, to mask their attack.

The attackers attempted to saturate the authentication component of the streaming site.

Experts noticed that most of the IPs that were involved in the attack had the same opened ports: 2000 and 7547. These ports are usually associated with Mirai infections. Researchers also revealed that the attack originated mainly from Brazil.

Experts explained that Layer 7 DDoS attacks are harder to counter bacause the malicious traffic mimicks legitimate one.

You need a 3rd party vendor that can handle both Application Layer 7 DDoS attacks and Network Layer 3/4 DDoS attacks.

“However, a botnet with 400,000 IPs can perform a “slow and low” attack: each IP tries a few logins,  goes inactive, and then tries a few more. In such a technique, the access rate is very low, mimicking legitimate login attempts, and staying under rate limit policies.  You can protect yourself, your business and your reputation by using the Account Takeover Protection capability of Imperva’s Application Security stack. Stay safe!” concludes Imperva.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – DDoS, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]