October 2, 2012 (TSR) – Prolexic Technologies, a Hollywood, Fla.-based cybersecurity firm specializing in distributed denial of service (DDoS) protection services, today warned of an escalating threat from unusually large and highly sophisticated DDoS attacks.
The DDoS attacks have been launched in the last week using the so-called itsoknoproblembro DDoS toolkit. The malicious actor(s) behind the attacks have used this potent tool in conjunction with sophisticated attack methods that clearly demonstrate knowledge of common DDoS mitigation methods. The attack signatures are extremely complex and Prolexic has recorded sustained floods peaking at 70 Gbps (gigabytes per second) against some of its customers.
“What we are experiencing is a dramatic uptick in the size and sophistication of DDoS attacks to a level not previously observed,” said Prolexic Chief Executive Officer Scott Hammack. “Only a handful of companies around the world could survive a hit of 70 Gbps in conjunction with the complex blend of attack vectors we have witnessed.”
The itsoknoproblembro toolkit includes multiple infrastructure and application-layer attack vectors that can simultaneously attack multiple destination ports and targets, as well as Internet Control Message Protocol (ICMP), User Datagram Protocol (UDP), and Secure Sockets Layer (SSL) encrypted attack types. A common characteristic of the attacks is a large UDP flood targeting Domain Name System (DNS) infrastructures. Uniquely, the attacking botnet contains many legitimate IP addresses, enabling the attack to bypass most anti-spoofing mechanisms.
A botnet is a collection of Internet-connected computers that have been compromised and are under the control of malicious hackers.
“The size and sophistication of this threat has created a high-alert within various industries and with good reason,” said Hammack.
The Prolexic Security Engineering & Response Team (PLXsert) has been monitoring the itsoknoproblembro suite and issued an internal threat advisory to Prolexic customers earlier this month.
A case study with more details about the toolkit will be included in Prolexic’s quarterly attack report, which will be published in mid-October, along with a public threat advisory that includes fingerprinted attack signatures for recommended detection and mitigation strategies. The latest threat advisories are available to the public at www.prolexic.com/threatadvisories.