Fragmented DDoS Attack Hits User-Generated Content Platform with 2.45B Requests
Severity: High (Score: 64.5)
Sources: Scworld, hackread.com, Cybersecuritynews
Summary
A massive DDoS campaign targeted a major user-generated content platform, generating 2.45 billion malicious requests in just five hours. The attack utilized a fragmented approach, distributing traffic across 1.2 million unique IP addresses and 16,402 distinct Autonomous Systems, making traditional defenses ineffective. Attackers employed a 'low and slow' strategy, averaging one request every nine seconds per IP, which allowed them to evade standard rate-limiting measures. Despite attempts to disguise their traffic, the campaign was detected through behavioral analysis due to inconsistent TLS handshakes. This incident highlights vulnerabilities in current security measures and the need for improved detection models. The attack was identified by DataDome's Galileo threat research team, emphasizing the evolving tactics of cybercriminals. Security teams are urged to adapt their strategies to counter such sophisticated attacks.
Key Points:
- The DDoS campaign generated 2.45 billion requests in five hours.
- Attackers used over 1.2 million unique IP addresses to bypass defenses.
- Traditional security measures proved ineffective against the 'low and slow' attack method.
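The following is an added example, not code from DataDome or the cited sources. It shows why one request every nine seconds per IP stays under a per-IP rate limit, while grouping requests by a mismatch between the claimed browser and the TLS handshake exposes the distributed campaign. The fingerprint labels, allow-list, thresholds and log records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed allow-list: TLS fingerprint labels each claimed browser family is
# expected to present. Labels are placeholders, not real JA3/JA4 values.
EXPECTED_FP = {"chrome": {"fp-chrome-1", "fp-chrome-2"}, "firefox": {"fp-firefox-1"}}

def ua_family(user_agent):
    ua = user_agent.lower()
    return "firefox" if "firefox" in ua else "chrome" if "chrome" in ua else "other"

def per_ip_rate_limited(records, window=60, limit=30):
    """IPs exceeding `limit` requests in any fixed `window`-second bucket."""
    buckets = defaultdict(int)
    for ts, ip, _ua, _fp in records:
        buckets[(ip, ts // window)] += 1
    return {ip for (ip, _), n in buckets.items() if n > limit}

def inconsistent_handshake_clusters(records, min_ips=50):
    """Group requests whose TLS fingerprint contradicts the claimed browser,
    and report groups spread over at least `min_ips` distinct source IPs."""
    ips, hits = defaultdict(set), defaultdict(int)
    for _ts, ip, ua, fp in records:
        fam = ua_family(ua)
        if fam in EXPECTED_FP and fp not in EXPECTED_FP[fam]:
            ips[(fam, fp)].add(ip)
            hits[(fam, fp)] += 1
    return {k: (len(v), hits[k]) for k, v in ips.items() if len(v) >= min_ips}

def build_sample():
    """Constructed traffic: 300 sources, one request every 9 s each for 90 s,
    claiming Chrome with a non-browser handshake, plus two ordinary clients."""
    recs = []
    for i in range(300):
        ip = f"198.51.100.{i % 250}" if i < 250 else f"203.0.113.{i - 250}"
        recs += [(t, ip, "Mozilla/5.0 Chrome/124.0", "fp-script-x") for t in range(0, 90, 9)]
    recs += [(t, "192.0.2.10", "Mozilla/5.0 Chrome/124.0", "fp-chrome-1") for t in range(0, 90, 3)]
    recs += [(t, "192.0.2.11", "Mozilla/5.0 Firefox/125.0", "fp-firefox-1") for t in range(0, 90, 5)]
    return recs

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP limiter flagged:", per_ip_rate_limited(sample))
    print("inconsistent clusters:", inconsistent_handshake_clusters(sample))
```

The per-IP limiter flags nothing because no source exceeds seven requests in a minute, while the cross-IP grouping returns a single cluster covering all 300 constructed sources.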
Key Entities
- DDoS (attack_type)