
Imperva Issues DDoS Warning After Fending Off 650Gbps Attack

Web security firm Imperva was hit by a 650Gbps (gigabits per second) distributed denial of service (DDoS) attack at the end of 2016, the largest ever recorded on its network.

The Leet botnet attack, which occurred just four days before Christmas, targeted several anycasted IPs on the Imperva Incapsula network over two waves, both of which were effectively defended against.

The first wave lasted roughly 20 minutes and peaked at 400 Gbps, whilst the second lasted around 17 minutes and generated a “650 Gbps DDoS flood of more than 150 million packets per second (Mpps)”.

Leet botnet

Although Imperva was unable to trace the attack’s location or learn anything about the nature of the attacking devices, it was able to identify the type of botnet that was used by analysing the SYN payloads.

There, it found clues that point towards it being the Leet botnet. For example, the company writes that the attacker made “a conscious effort” to include a “signature” in the SYN packets in the form of values arranged to spell 1337, which is a known reference to “leet.”

The company described the attack as a “fitting end to a year of huge DDoS assaults, nasty new malware types and massive IoT botnets” and also used it to point towards what is expected for the DDoS landscape in 2017.

“With 650 Gbps under its belt, the Leet botnet is the first to rival Mirai’s achievements. However, it will not be the last. This year we saw DDoS attacks escalate to record heights and these high-powered botnets are nothing more than a symptom of the times. And like we said, it’s about to get a lot worse.”

So, an ominous message to start the new year, but Imperva is not alone in issuing such a warning. Corero Network Security also warned that businesses should prepare for bigger and badder DDoS attacks in 2017, after a year in which the UK in particular was a prime target for cyber criminals.


Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
