Lumen stops 1.06 Tbps DDoS attack in the company's largest mitigation to date
In its quarterly report on Distributed Denial of Service (DDoS) attacks, Lumen Technologies revealed the company mitigated one of its largest ever – a 1.06 terabits per second (Tbps) attack that was part of a larger campaign targeting a single victim. Despite the size and complexity of the attempted attack, the target experienced no downtime.
Size was not the only notable element of the failed attack; it was also part of a larger campaign in which the threat actor attempted to leverage multiple techniques. These techniques are called out in the report as emerging trends in the second quarter.
Trend #1: Leveraging the cloud
- Attackers leverage cloud-based services in a fraudulent way to significantly boost their attack capability.
- To be successful at this type of attack, cybercriminals mask their acquisition and control of cloud-based services through compromised hosts or anonymizing services. The attacker then abuses the cloud providers' resources to launch volumetric attacks against their intended victims.
"Using cloud and hosting providers to launch large DDoS attacks creates a unique challenge because it puts both the victim and the provider at risk," said Mark Dehus, director of threat intelligence for Black Lotus Labs, the threat research team at Lumen. "Cloud providers must be vigilant to ensure their services are not being abused. They should also have mitigation methodologies to limit the impact if a threat actor gains unauthorized or fraudulent access to resources."
Trend #2: Hit-and-run
- Analysis from Black Lotus Labs revealed the 1.06 Tbps attack was part of a larger campaign that lasted 12 minutes. It began when the threat actor attempted to deploy a series of "hit-and-run" attacks. With this technique, victims are typically targeted with a series of consecutive or concurrent attacks that are relatively small in size and duration. Threat actors deploy these attacks to assess a potential victim's defenses and determine which attack methods – if any – will be successful.
- The longest campaign Lumen mitigated in Q2 lasted 21 days, 8 hours.
Trend #3: VoIP targeting continues
- Late last year, several researchers (including Lumen) began reporting on a rise in attacks targeting VoIP providers. In Q2 2022, one attack vector – Session Initiation Protocol (SIP) – stood out in the data. Although the number of SIP attacks that Lumen mitigated was relatively small – just 1.84% of all mitigations – they represented a 315% increase over Q1 2022, and a 475% increase over Q3 2021.
- While the number of SIP attacks is low compared to tried-and-true methods, attacking SIP is considered a more surgical approach to disrupting VoIP services compared to DDoS brute-force methods like TCP-SYN flooding and UDP-based amplification. For more information about Lumen's previous research into VoIP attacks, read our Q4 2021 DDoS report.
"Organizations of all types can be victimized by DDoS attacks," said Dehus. "Using the intelligence and visibility from the Lumen Platform, Black Lotus Labs can protect Lumen DDoS customers with better insights from the ever-growing list of threats to business-critical systems and data."
Source: Lumen Technologies media announcement