Indusface research on 1400+ websites recorded a significant surge in DDoS attacks and bot attacks during Q2, 2023, compared to Q1, 2023. We observed a 75% surge in DDoS attacks and a 48% increase in bot attacks.
Moreover, recent trends in DDoS attacks indicate a significant evolution beyond the Mirai bot, leading to the emergence of next-generation botnets that pose a far greater threat. One technique these botnets use is the low-rate-per-bot HTTP DDoS attack.
A low-rate-per-bot HTTP DDoS attack is a type of cyberattack where many compromised or controlled devices, often called bots, send a relatively small number of HTTP requests to a target web server or application over an extended period.
Unlike traditional botnet attacks that flood the target with massive requests, low-rate-per-bot attacks focus on stealth and persistence.
In this attack, each bot sends requests at a rate that is intentionally kept low to avoid triggering rate-limiting or detection mechanisms. However, the cumulative effect of these requests from numerous bots can still overwhelm the target server or application, causing service disruption.
Businesses are facing a growing number of cyber threats, particularly in the form of complex application attacks. This report, titled “The State of Application Security Q2 2023,” draws on data collected from over 1400 applications.
The primary objective of a low-rate-per-bot HTTP DDoS attack is to fly under the radar of security measures by mimicking legitimate user traffic. This makes it challenging for security solutions to differentiate between malicious and legitimate requests, as the attack traffic appears less notable due to the reduced request rate per bot.
How can organizations protect against these advancing DDoS attacks? An alternative to static rate limiting is behavior-based DDoS protection, which is what AppTrana does.
A few weeks back, our team, using the AppTrana platform, uncovered an HTTP DDoS attack aimed at an application within a Fortune 500 company. This attack was executed by a botnet consisting of thousands of individual bots.
The HTTP Flooding attack’s magnitude was 3000X to 14000X greater than the typical request rate per minute experienced by the website. Further, this attack used roughly 8 million unique IP addresses during its two-week control.
While effective against specific DDoS attacks, rate-limiting proved inadequate in this scenario since some IPs were sending just one request per minute, and adjusting the rate limit to such a low level was not a feasible solution.
What set this attack apart was its distinctive targeting of base URLs, many of which were either non-existent or not publicly accessible, such as /404, /admin, and /config.
The large surge in traffic slowed the application, elevated bandwidth utilization, and disrupted the ability of legitimate users to access the services.
AppTrana detected all these anomalies, and our managed service team strategically deployed a customized solution to reduce these attacks to zero.
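The pattern described above (sources too slow to trip a per-IP limit, concentrated on paths that normally see little or no traffic) shows up when requests are aggregated per path instead of per IP. The Python example below is added here for illustration and is not Indusface's or AppTrana's detection logic; the log format, thresholds and baselines are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict

PER_IP_LIMIT = 60                       # assumed static per-IP limit (requests/minute)
BASELINE_RPM = {"/": 40, "/login": 10}  # assumed normal per-path requests/minute
DEFAULT_BASELINE = 1                    # assumed baseline for paths with no history
SURGE_FACTOR = 20                       # assumed multiple of baseline treated as a surge

def parse(line):
    """Parse 'epoch_seconds ip path status' (constructed log format)."""
    ts, ip, path, status = line.split()
    return int(ts) // 60, ip, path, int(status)

def analyze(lines):
    per_ip = defaultdict(int)    # (minute, ip)   -> requests
    per_path = defaultdict(int)  # (minute, path) -> requests
    path_ips = defaultdict(set)  # (minute, path) -> distinct source IPs
    path_err = defaultdict(int)  # (minute, path) -> 4xx responses
    for line in lines:
        minute, ip, path, status = parse(line)
        per_ip[(minute, ip)] += 1
        per_path[(minute, path)] += 1
        path_ips[(minute, path)].add(ip)
        path_err[(minute, path)] += 400 <= status < 500
    # What a static per-IP rate limit alone would have caught.
    rate_limited = sorted({ip for (_, ip), n in per_ip.items() if n > PER_IP_LIMIT})
    findings = []
    for (minute, path), total in sorted(per_path.items()):
        baseline = BASELINE_RPM.get(path, DEFAULT_BASELINE)
        ips = path_ips[(minute, path)]
        if total >= SURGE_FACTOR * baseline:  # aggregate surge on this path
            findings.append({
                "minute": minute, "path": path, "requests": total,
                "distinct_ips": len(ips),
                "max_per_ip": max(per_ip[(minute, ip)] for ip in ips),
                "error_ratio": path_err[(minute, path)] / total,
            })
    return rate_limited, findings

def sample_log():
    """Constructed traffic: 300 sources send one request each to /config; 30 normal users hit /."""
    t0 = 1_700_000_040  # minute-aligned epoch second, so all lines share one minute bucket
    bots = [f"{t0 + i % 60} 10.0.{i // 250}.{i % 250 + 1} /config 404" for i in range(300)]
    users = [f"{t0 + i} 192.168.1.{i + 1} / 200" for i in range(30)]
    return bots + users

if __name__ == "__main__":
    print(analyze(sample_log()))
```

On the constructed sample the per-IP limit flags no source at all, while the per-path view reports the surge on /config together with its spread across distinct IPs and its error ratio.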
Based on our observations in the customer case study, here are some recommendations for enhancing DDoS attack mitigation strategies, focusing on more advanced threats.