08-17-2017 , 02:21 PM
![[Image: DDoS-Normal.png]](https://www.bleepstatic.com/images/news/u/986406/attacks/DDoS/DDoS-Normal.png)
Quote:A new method of carrying out DDoS attacks named Pulse Wave is causing problems to certain DDoS mitigation solutions, allowing attackers to down servers previously thought to be secured.
Discovered by DDoS mitigation firm Imperva Incapsula, the name of this new technique comes from the look of its attack chart, shaped in the form of abrupt repeating pulses.
Classic attacks usually have the shape of a sloping triangle going up and down as an attacker slowly assembles bots and aims them at a desired target.
The new pulse wave attacks start from zero and go to maximum values in a very short time span, then go back to zero, and back to maximum, repeating in continuous cycles at short clocked intervals.
One botnet leveraging the technique:
Experts say they've seen pulse wave attacks in the past, but a recent botnet that has been active in the second quarter of 2017 has been using this technique on a regular basis.
"Whoever was on the other end of these assaults, they were able to mobilize a 300Gbps botnet within a matter of seconds," said Igal Zeifman, director of marketing at Incapsula. The biggest pulse wave DDoS attacks from this botnet peaked at 350 Gbps, a value way above the average of ~1 Gbps per normal DDoS attack.
Imperva analysts say that during the pulse wave attack's short downtime period, the botnet doesn't shut down and restart again a few minutes later.
Instead, experts say, the botnet switches to another target. When the down pulse period finishes, the botnet switches back to the first target executes a short pulse wave cycle and then changes to another target.
This precise level of control is specific to botnets offered for rent through a DDoS-for-hire service, who often work at maximum capacity almost all the time, and need to switch between different targets.
Read the full article: HERE