The DDoS attacks have been launched in the last week using the so-called itsoknoproblembro DDoS toolkit. The malicious actor(s) behind the attacks have used this potent tool in conjunction with sophisticated attack methods that clearly demonstrate knowledge of common DDoS mitigation methods. The attack signatures are extremely complex and Prolexic has recorded sustained floods peaking at 70 Gbps and more than 30 million pps against some of its customers. Most mitigation providers would struggle to combat DDoS attacks with these characteristics.
"What we are experiencing is a dramatic uptick in the size and sophistication of DDoS attacks to a level not previously observed," said Prolexic Chief Executive Officer Scott Hammack. "Only a handful of companies around the world could survive a hit of 70 Gbps in conjunction with the complex blend of attack vectors we have witnessed."
The itsoknoproblembro toolkit includes multiple infrastructure and application-layer attack vectors, such as SYN floods, that can simultaneously attack multiple destination ports and targets, as well as ICMP, UDP and SSL encrypted attack types. A common characteristic of the attacks is a large UDP flood targeting DNS infrastructures. Uniquely, the attacking botnet contains many legitimate (non-spoofed) IP addresses, enabling the attack to bypass most anti-spoofing mechanisms.
"The size and sophistication of this threat has created a high-alert within various industries and with good reason," said Hammack. "I'm proud to say we've successfully mitigated multiple itsoknoproblembro campaigns throughout the year, even when attack vectors have continuously modulated during the course of the assault."
The Prolexic Security Engineering & Response Team (PLXsert) has been monitoring the itsoknoproblembro suite and issued an internal threat advisory to Prolexic customers earlier this month. A case study with more details about the toolkit will be included in Prolexic's quarterly attack report, which will be published in mid-October, along with a public threat advisory that includes fingerprinted attack signatures for recommended detection and mitigation strategies. The latest threat advisories are available to the public at www.prolexic.com/threatadvisories.
About the Prolexic Security Engineering & Response Team (PLXsert)
PLXsert monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through data forensics and post attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with customers. By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.
Details of Prolexic's mitigation activities and insights into the latest tactics, types, targets and origins of global DDoS attacks are provided in quarterly reports published by the company. A complimentary copy of Prolexic's Q3 2012 Global DDoS Attack Report will be available shortly at www.prolexic.com/attackreports.
Prolexic is the world's largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical Internet-facing infrastructures for global enterprises and government agencies within minutes. Ten of the world's largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world's first in- the-cloud DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia. To learn more about how Prolexic can stop DDoS attacks and protect your business, please visit www.prolexic.com, follow us on LinkedIn, Facebook and Google+ or follow @Prolexic on Twitter.