Lumen prevents 1.06Tbps DDoS attack
Lumen Technologies successfully mitigated a 1.06Tbps attack that was part of a larger campaign targeting a single victim.
The news was revealed in its quarterly report on Distributed Denial of Service (DDoS) attacks. Despite the scale and complexity of the attempted attack, the target experienced no downtime.
Aside from the size of the attack, other notable elements include the fact that it was part of a larger campaign in which the attacker attempted to use multiple techniques.
The first involved using cloud-based services in a fraudulent way to significantly boost attack capability. In this technique, cybercriminals hide their control of cloud-based services behind compromised hosts or anonymising services. The attacker then abuses the cloud providers' resources to launch sizable attacks against victims.
"Using cloud and hosting providers to launch large DDoS attacks creates a unique challenge because it puts both the victim and the provider at risk," said Mark Dehus, director of threat intelligence for Black Lotus Labs, the threat research team at Lumen.
"Cloud providers must be vigilant to ensure their services are not being abused. They should also have mitigation methodologies to limit the impact if a threat actor gains unauthorised or fraudulent access to resources."
The second technique is hit-and-run attacks, where victims are targeted with a series of consecutive or concurrent attacks that are relatively small in size and duration. Attackers deploy these attacks to assess a victim's defences and determine which attack methods will work.
The last method is VoIP targeting, which according to researchers (including Lumen) is on the rise. In Q2 2022, Session Initiation Protocol (SIP) accounted for just 1.84% of all mitigations, but this represented a 315% increase over Q1 2022 and a 475% increase over Q3 2021.
While the number of SIP attacks is low compared to other methods, attacking SIP is a more 'surgical approach' to disrupting VoIP services compared to DDoS brute-force methods like TCP-SYN flooding and UDP-based amplification.
"Organisations of all types can be victimised by DDoS attacks," added Dehus. "Using the intelligence and visibility from the Lumen Platform, Black Lotus Labs can protect Lumen DDoS customers with better insights from the ever-growing list of threats to business-critical systems and data."