Attack Spotlight: Multi-vector DDoS Attacks


Description

Multi-vector DDoS attack campaigns make DDoS mitigation more difficult and make it less likely the attack can be blocked with automated devices. In this slideshow, we examine a Q4 2013 DDoS attack that involved a dozen attack vectors, and explain how we fought back.

Transcript of Attack Spotlight: Multi-vector DDoS Attacks

Page 1: Attack Spotlight: Multi-vector DDoS Attacks

www.prolexic.com

Attack Spotlight: Multi-Vector DDoS Attacks

An attack against a global financial firm

Page 2: Attack Spotlight: Multi-vector DDoS Attacks

Key facts about the DDoS attack

• Distributed denial of service (DDoS) attack mitigated by Prolexic in Q4 2013
• Targeted a global financial organization
• Multi-vector attack
• Well-orchestrated and sophisticated attack
• Four days and nights
• Multiple botnets
• Attack signatures and methods changed throughout the campaign
• Mobile phones played a pivotal role

Page 3: Attack Spotlight: Multi-vector DDoS Attacks

Asian botnets played a key role in the attack

• Main source countries
  – Indonesia
  – China
  – U.S.
  – Mexico
• Source was hidden behind a super proxy
  – Legitimate users may use a super proxy for privacy
  – Increases mitigation challenge to avoid blocking uninvolved users of the super proxy

Page 4: Attack Spotlight: Multi-vector DDoS Attacks

It was a massive multi-vector attack

• At least 12 different attacks
  – Network layer (Layer 3)
  – Application layer (Layer 7)
  – Use of mobile phones
  – Hacktivist message

• Multi-vector attacks are more likely to bypass automated DDoS mitigation devices

Page 5: Attack Spotlight: Multi-vector DDoS Attacks

Real-time human expertise was needed to block the campaign

• To block the attack, Prolexic combined
  – Advanced DDoS mitigation technology
  – Skilled DDoS mitigation experts

• Experts monitored and responded to the attack in real time

• When the attack changed, the mitigation method had to change

• Experts crafted a response to block every new attack

Page 6: Attack Spotlight: Multi-vector DDoS Attacks

Attack components: Low Orbit Ion Cannon (LOIC)

• Supporters download the tool and opt in to lend their computing resources

• Members of the Anonymous cooperative control participating devices

• Controlled via
  – Internet relay chat (IRC)
  – URL shortening services, such as Bit.ly

Page 7: Attack Spotlight: Multi-vector DDoS Attacks

Attack components: Mobile phones

• New DDoS trend
• 6.8 million mobile devices worldwide
• More than half the world’s mobile users are in Asia
  – China
  – India
• Mobile devices
  – Are vulnerable to malware
  – May become part of a botnet unwittingly
  – May be deliberately used by downloading mobile DDoS apps

Page 8: Attack Spotlight: Multi-vector DDoS Attacks

Attack components: Mobile phones, continued

• Easy-to-use mobile DoS apps are available for download

• AnDOSid
  – Android app
  – Produces POST floods
• Mobile LOIC
  – Android app
  – Available from mainstream app store in December 2013

Page 9: Attack Spotlight: Multi-vector DDoS Attacks

Prolexic Q4 2013 Global Attack Report

• Download the Q4 2013 Global Attack Report for:
  – More details about this attack
  – Attack signatures used
  – DDoS attack trends
  – Year-over-year and quarter-by-quarter comparisons
  – Types of attacks used
  – Network protocols at risk for abuse by attackers
  – Industries targeted
  – Details about real attacks mitigated by Prolexic
  – Case study about the Asian DDoS threat

Page 10: Attack Spotlight: Multi-vector DDoS Attacks

About Prolexic

• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services

• Prolexic has successfully stopped DDoS attacks for more than a decade

• Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers