Chinese Gambling Website Victim Of 470 Gbps DDoS Attack

Ben Sullivan,

‘Largest assault to date’ for mitigation provider Imperva Incapsula as gambling company hit by nine-vector DDoS

A 470 gigabits per second (Gbps) distributed denial of service (DDoS) attack on a Chinese gambling company has been described as one of the largest such attacks ever staged, setting a ‘new mark’ in the war between cyber criminals and their targets.

On June 14, security company Imperva Incapsula was called in to help mitigate the four-hour assault on an unnamed gambling website, “the largest assault” in the company’s records to date.

DDoS attacks are nefarious attempts by hackers to take down an online service by overwhelming it with traffic. Often, clusters of linked computers known as botnets are used to autonomously dish out DDoS attacks. Last December, the BBC website was knocked down by a DDoS attack that measured in at 600 Gbps.

Peaked

“FromDDoS its first moment, this attack burst reached above 250 Gbps. It then slowly built up over the following hours, peaking at 470 Gbps at 19:32,” explained Imperva Incapsula in a blog post.

“After reaching this highpoint, attack traffic scaled back and completely resided within 30 minutes.”

But the security company said that the attack was not only on a massive scale but was significantly complex.

The attack relied on a combination of nine different payload types, said Imperva, with the bulk of the traffic generated first by SYN payloads, then by generic UDP and TCP payloads.

“Such nine-vector assaults are very rare in our experience. Putting things in perspective, in Q1 2016 they accounted for no more than 0.2 percent of all network layer DDoS attacks against our clients,” said Imperva.

The mitigation provider said that with over two Tbps in total network capacity, and more than 100 Gbps capacity on its 30 data centres, its ability to mitigate the attack was “never in question”, though.

But the challenge came in mitigating an assault of this size without impacting the million of users moving through its network at any given time.

“To this end, our netops team anycasted the attack traffic between 21 of our more powerful data centres, letting them all participate in mitigation while retaining high capacity margins,” explained the company.

“In each of those locations the attack traffic was routed through our BH (codename Behemoth) scrubbing servers, each of which can process up to 170 Gbps and 100 Mpps at an inline rate (read: no lag whatsoever).”

Take our cybersecurity quiz here!