Cybersecurity firm Imperva revealed that it mitigated a Distributed Denial of Service (DDoS) attack with a total of over 25.3 billion requests on June 27, 2022.
The “heavy attack”, which targeted an unnamed Chinese telecommunications company, reportedly lasted four hours and peaked at 3.9 million requests per second (RPS).
“Attackers used HTTP/2 multiplexing, or combining multiple packets into one, to send multiple requests over individual connections at once,” Imperva said in a September 19 report.
The attack was launched from a botnet that included nearly 170,000 different IP addresses spanning compromised routers, security cameras and servers located in more than 180 countries, mainly in the United States, Indonesia and Brazil.
The disclosure also comes as web infrastructure provider Akamai said a new DDoS attack targeted an Eastern Europe-based customer on September 12, with attack traffic reaching 704.8 million packets per second (pps).
The same victim had previously been targeted on July 21, 2022, in a similar manner, with the attack volume rising to 853.7 gigabits per second (Gbps) and 659.6 million pps over a period of 14 hours.
Akamai’s Craig Sparling said the company had been “relentlessly bombarded with sophisticated distributed denial-of-service (DDoS) attacks,” indicating the offensives could be politically motivated in the face of Russia’s ongoing war on Ukraine.
Both disruptive attempts were UDP flood attacks, in which the attacker targets and floods arbitrary ports on the target host with User Datagram Protocol (UDP) packets.
Being both connectionless and sessionless makes UDP an ideal network protocol for handling VoIP traffic. But those same traits can also make it more susceptible to exploitation.
“Without an initial handshake to ensure a legitimate connection, UDP channels can be used to send a large volume of traffic to any host,” says NETSCOUT.
“No internal protection can limit the UDP flooding rate. Therefore, UDP flooding DoS attacks are exceptionally dangerous as they can be executed with a limited amount of resources.”
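As an added illustration (not code from Imperva, Akamai or NETSCOUT), the sketch below checks flow records for the UDP flood shape described above: a high packet rate to one host spread across many destination ports, which separates it from busy VoIP traffic on a fixed port. The record layout, thresholds and sample traffic are assumptions constructed for the example.

```python
from collections import defaultdict

# Thresholds are assumptions for this example; tune them to the link's baseline.
PPS_THRESHOLD = 500    # UDP packets per second to one host
PORT_THRESHOLD = 100   # distinct destination ports per window on one host

def detect_udp_floods(records, window=1.0,
                      pps_threshold=PPS_THRESHOLD, port_threshold=PORT_THRESHOLD):
    """records: iterable of (timestamp, src_ip, dst_ip, dst_port, proto).
    Returns one alert per (dst_ip, window) that exceeds both thresholds."""
    buckets = defaultdict(lambda: {"packets": 0, "ports": set(), "sources": set()})
    for ts, src, dst, dport, proto in records:
        if proto != "udp":
            continue
        b = buckets[(dst, int(ts // window))]
        b["packets"] += 1
        b["ports"].add(dport)
        b["sources"].add(src)
    alerts = []
    for dst, idx in sorted(buckets):
        b = buckets[(dst, idx)]
        pps = b["packets"] / window
        # Rate alone also matches busy VoIP; a flood on arbitrary ports
        # additionally shows a wide spread of destination ports.
        if pps >= pps_threshold and len(b["ports"]) >= port_threshold:
            alerts.append({"dst": dst, "window_start": idx * window, "pps": pps,
                           "distinct_ports": len(b["ports"]),
                           "distinct_sources": len(b["sources"])})
    return alerts

def constructed_sample():
    """Constructed flow records using documentation address ranges."""
    records = []
    # Second 0-1: busy VoIP media, 600 packets to one fixed port from two peers.
    for i in range(600):
        records.append((i / 600, f"198.51.100.{1 + i % 2}", "192.0.2.10", 16384, "udp"))
    # Second 1-2: flood-shaped traffic, 2000 packets, 200 sources, 1000 ports.
    for i in range(2000):
        records.append((1 + i / 2000, f"203.0.113.{i % 200}", "192.0.2.10",
                        1024 + i % 1000, "udp"))
    # TCP with a wide port spread is ignored by this UDP-only check.
    for i in range(1000):
        records.append((2 + i / 1000, "198.51.100.9", "192.0.2.20", 2000 + i, "tcp"))
    return records

if __name__ == "__main__":
    for alert in detect_udp_floods(constructed_sample()):
        print(alert)
```

Requiring both conditions keeps the high-rate VoIP window from alerting, at the cost of missing floods aimed at a single port, which need a rate baseline per service instead.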