Someone has put a new spin on the good old DDoS attack. This new one is inspired by an acoustic beat, of all things. The attack was first spotted by the web infrastructure firm, Cloudflare. It comes as pulsating waves instead of bombarding a site in the old style.
This attack simulates the beat of a drum. The goal, for the attacker, is to deceive the security systems, which are armed to detect traditional DDoS patterns.
According to Omer Yoachimic, the Product Manager for DDoS Protection Service, the method was able to hit packet rates ranging from 18M to 42M pps. They last more than 19 hours with an amplitude of about 7Mpps.
The details emerged
The attack had wavelengths of around four hours, which peaked at around 42Mpps. The whole thing lasted about two days and was distributed across the globe, with every node firing an equal number of packets at the same rate.
During this two-day offensive, the company was able to detect and mitigate more than 700 DDoS attacks targeting a single business.
The attack was able to accumulate more than 500 Terabytes, out of a total of 3.6 Petabytes of attack traffic that were targeted on this one company in November alone.
The ‘beat’ wave
The attackers used ACK floods, SYN floods, UDP floods, and ‘Christmas floods’ where every TCP flag is ‘lit.’ In addition to all this, ICMP and RTS floods were also deployed.
The DDoS has been codenamed ‘Beat’ because of the method of attack. The inspiration truly had to have been a beat because the patterns showed an interference of two different wave frequencies.
The rate of the packets was determined by the equation of a beat wave:
(y’beat=y1+y2), where the two equations y1 and y2 represent the two waves.