Hackers have devised a new and powerful short-duration DDoS attack that delivers repeated short bursts known as a Pulse wave to disrupt routers and servers.
Pulse wave DDoS attacks can last for days at a time and severely restrict the ability of servers to recover from initial cyber attacks.
Researchers at security firm Imperva Incapsula have demonstrated how a new mode of DDoS (Distributed Denial of Service) attack known as Pulse wave can cause widespread destruction of enterprise servers and infiltrate IoT connected devices and routers as well.
What is a Pulse wave attack?
Rather than attacking a target server continuously, Pulse wave attackers inflict repeated short bursts to disrupt routers and servers. These bursts can be as powerful as 350 Gbps and severely restrict the ability of servers to recover following the initial bursts.
“Pulse Wave DDoS represents a new attack methodology, made up of a series of short-lived pulses occurring in clockwork-like succession, which accounts for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017. In the most extreme cases, they lasted for days at a time and scaled as high as 350 Gbps,” says Igal Zeifman, lead researcher at Imperva Incapsula.
Such burst attacks can be as destructive to target servers as usual DDoS attacks, or even more so, because they help hackers pin down several targets and double their resource utilisation. The intervals between pulse bursts are used by hackers to attack secondary targets as well.
"The pulse-like nature of these attacks, however, is especially harmful for appliance-first mitigation solutions, since it can cut down the communication between their two components, preventing effective failover from the appliance to the cloud," said the researchers.
"The attacks have the capacity to delay the time it takes for the cloud component of the mitigation solution to kick in. This increases the likelihood of the target going down and being forced to initiate a prolonged recovery process. Moreover, the pulse wave assaults can prevent transition of data collected in the early attack stages from the appliance and into the cloud to further harm its responsiveness," they added.
Short-duration DDoS attacks are increasingly gaining prevalence and Pulse wave is a rather successful example of the shift in hackers' approach. According to Zeifman, each pulse wave attack can cause tens of thousands of dollars in direct and indirect damages to commercial organisations and hackers are thus inclined to continue using this method to launch further attacks on commercial organisations in future.
How can organisations defend against such attacks?
According to the researchers, the hybrid mitigation industry which uses appliance-first mitigation solutions as the first line of defence should instead adopt 'a new topology that deploys the cloud as the first line of defense. Doing so would eliminate the bottleneck that can be exploited by pulse wave DDoS attacks.'
Organisations must also use encrypted and secure cloud technologies to back up their data to ensure that vulnerabilities in cloud storage are not exploited by hackers to steal vital information. At the same time, they should also double-check the ‘time to mitigation’ clause in their DDoS mitigation providers' SLA.
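The clockwork-like pulses described above can be recognised in ordinary throughput telemetry and compared against a provider's time to mitigation. The following Python sketch is an added example, not code from Imperva Incapsula or from the original article. It assumes one inbound-rate sample per second; the threshold, jitter limit, function names and sample data are all constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed sample: inbound Gbps per second, 1 Gbps baseline with
# 3-second bursts of 300 Gbps repeating every 10 seconds.
SAMPLE_GBPS = ([1.0] * 7 + [300.0] * 3) * 4 + [1.0] * 5

def find_pulses(samples_gbps, threshold_gbps):
    """Return (start_second, duration_seconds) for each run at or above threshold."""
    pulses, start = [], None
    for t, rate in enumerate(samples_gbps):
        if rate >= threshold_gbps and start is None:
            start = t
        elif rate < threshold_gbps and start is not None:
            pulses.append((start, t - start))
            start = None
    if start is not None:  # series ended while still inside a burst
        pulses.append((start, len(samples_gbps) - start))
    return pulses

def assess_pulse_wave(samples_gbps, threshold_gbps, time_to_mitigation_s,
                      min_pulses=3, max_jitter=0.2):
    """Flag regularly spaced bursts and check them against the SLA figure."""
    pulses = find_pulses(samples_gbps, threshold_gbps)
    starts = [s for s, _ in pulses]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    # Coefficient of variation of start-to-start gaps: near 0 means clockwork.
    jitter = pstdev(gaps) / mean(gaps) if gaps else None
    periodic = (len(pulses) >= min_pulses
                and jitter is not None and jitter <= max_jitter)
    longest = max((d for _, d in pulses), default=0)
    return {
        "pulses": pulses,
        "period_s": mean(gaps) if gaps else None,
        "jitter": jitter,
        "pulse_wave_suspected": periodic,
        # Assumption: if mitigation needs at least as long as the longest
        # pulse lasts, each pulse is over before mitigation engages.
        "mitigation_too_slow": periodic and time_to_mitigation_s >= longest,
    }

if __name__ == "__main__":
    print(assess_pulse_wave(SAMPLE_GBPS, threshold_gbps=100.0,
                            time_to_mitigation_s=60))
```

A single sustained flood produces one long run with no repeating gaps, so it is not flagged as a pulse wave by this check.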