http://www.prolexic.com | Multi-vector DDoS attack campaigns make DDoS mitigation more difficult. Multiple attack vectors make it less likely the attack can be blocked with automated devices. In addition, the DDoS mitigation team has to track more details and to fight the attack on multiple fronts simultaneously. In this slideshow, Prolexic examines a recent DDoS attack that involved a dozen attack vectors, and explains how they fought back.
2. Key facts about the DDoS attack
• Distributed denial of service (DDoS) attack mitigated by Prolexic in Q4 2013
• Targeted a global financial organization
• Multi-vector attack
• Well-orchestrated and sophisticated attack
• Four days and nights
• Multiple botnets
• Attack signatures and methods changed throughout the campaign
• Mobile phones played a pivotal role
www.prolexic.com
3. Asian botnets played a key role in the attack
• Main source countries
– Indonesia
– China
– U.S.
– Mexico
• Source was hidden behind a super proxy
– Legitimate users may use a super proxy for privacy
– Increases mitigation challenge to avoid blocking uninvolved users of the super proxy
4. It was a massive multi-vector attack
• At least 12 different attacks
– Network layer (Layer 3)
– Application layer (Layer 7)
– Use of mobile phones
– Hacktivist message
• Multi-vector attacks are more likely to bypass automated DDoS mitigation devices
5. Real-time human expertise was needed to block the campaign
• To block the attack, Prolexic combined
– Advanced DDoS mitigation technology
– Skilled DDoS mitigation experts
• Experts monitored and responded to the attack in real-time
• When the attack changed, the mitigation method had to change
• Experts crafted a response to block every new attack
6. Attack components: Low Orbit Ion Cannon (LOIC)
• Supporters download the tool and opt-in to lend their computing resources
• Members of the Anonymous cooperative control participating devices
• Controlled via
– Internet relay chat (IRC)
– URL shortening services, such as Bit.ly
7. Attack components: Mobile phones
• New DDoS trend
• 6.8 million mobile devices worldwide
• More than half the world’s mobile users are in Asia
– China
– India
• Mobile devices
– Are vulnerable to malware
– May become part of a botnet unwittingly
– May be deliberately used by downloading a mobile DDoS app
8. Attack components: Mobile phones, continued
• Easy-to-use mobile DoS apps are available for download
• AnDOSid
– Android app
– Produces POST floods
• Mobile LOIC
– Android app
– Available from mainstream app store in December 2013
9. Prolexic Q4 2013 Global Attack Report
• Download the Q4 2013 Global Attack Report for:
– More details about this attack
– Attack signatures used
– DDoS attack trends
– Year-over-year and quarter-by-quarter comparisons
– Types of attacks used
– Network protocols at risk for abuse by attackers
– Industries targeted
– Details about real attacks mitigated by Prolexic
– Case study about the Asian DDoS threat
10. About Prolexic
• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services
• Prolexic has successfully stopped DDoS attacks for more than a decade
• Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers