In the ever-evolving landscape of cyber threats, Distributed Denial of Service (DDoS) attacks continue to grow in both scale and sophistication. A stark reminder came in early 2024, when an unprecedented six-day Web DDoS attack campaign set new benchmarks for the intensity and persistence of such attacks.
According to Radware’s February 2024 Global Threat Analysis Report, this campaign dwarfed the 20-hour Web DDoS attack reported in 2023, which peaked at 2.8 million requests per second (RPS). The 2024 attack consisted of multiple waves spanning 100 total hours, with individual waves lasting between four and 20 hours. The attack sustained an average of 4.5 million RPS, reaching a peak of 14.7 million RPS—a staggering figure that places it among the most aggressive DDoS campaigns ever recorded.
Attack Overview: A Relentless Assault on Financial Services
The primary target of this sustained assault was a financial institution in the UAE. For six days, the institution was under attack for 70% of the time, facing a relentless barrage of malicious web requests. At times, the ratio of legitimate to malicious requests was as low as 0.002%, and throughout the campaign, it averaged just 0.12%. The attackers aimed to overwhelm the institution’s web applications, but despite their efforts, the financial services remained operational, thanks to Radware’s robust Web DDoS Protection Services.
During this attack, Radware’s defenses intercepted over 1.25 trillion malicious requests while ensuring that 1.5 billion legitimate requests passed through unscathed. This precise filtering was critical in maintaining the availability and performance of the institution’s online services, even as the attackers continued to ramp up their efforts.
Attack Patterns and Motivation
The attack waves varied in duration and intensity, but the peak moments—like the 14.7 million RPS surge—demonstrated the attackers’ commitment to breaking through the financial institution’s defenses. Despite their persistence, the institution’s services remained unaffected, and after six days of constant assault, the attackers gave up.
Radware’s threat research attributed this massive campaign to the hacktivist group SN_BLACKMETA. This group is known for launching ideologically driven attacks, and the motivation and tactics employed in this incident matched their previous operations. In addition to SN_BLACKMETA’s involvement, Radware speculates that the attackers utilized the InfraShutdown DDoS-for-hire service, a premium tool in the cybercriminal ecosystem. Subscriptions to this service range from $500 per week to $2,500 per month, offering clients the infrastructure needed to carry out high-volume DDoS attacks like this one.
The Infrastructure Behind the Attack
The suspected use of InfraShutdown, a premium DDoS-for-hire service, highlights the growing commercialization of cyberattacks. Services like this make sophisticated DDoS attacks accessible to a wider range of attackers, allowing even those with limited technical knowledge to launch powerful, sustained campaigns against high-profile targets. The ease of access and affordability of these services contribute to the growing prevalence of large-scale Web DDoS attacks, which are becoming more common and more difficult to mitigate.
The Importance of DDoS Protection in 2024
As this attack shows, DDoS threats are escalating in both scale and complexity. Attackers are no longer satisfied with brief disruptions; they are launching prolonged campaigns designed to wear down even the most robust defenses. Organisations in all sectors, especially finance, must stay ahead of these evolving threats by investing in advanced DDoS protection solutions.
Radware’s Web DDoS Protection Services played a crucial role in mitigating this attack, preventing downtime, and preserving the integrity of the financial institution’s services. In an era where DDoS-for-hire services are readily available, comprehensive DDoS defense is no longer optional—it is a critical component of any organisation’s cybersecurity strategy.
Preparing for the Next Wave
As attackers become more sophisticated and DDoS-for-hire services grow in popularity, organisations must remain vigilant and proactive in their cybersecurity efforts. Real-time traffic analysis, scalable mitigation solutions, and threat intelligence are key to staying ahead of these evolving threats.
Contact White Arrow Technology if you are interested in knowing more about how to protect your organisation from large-scale DDoS attacks and other emerging cyber threats.