http://www.prolexic.com | Multi-vector DDoS attack campaigns make DDoS mitigation more difficult. Multiple attack vectors make it less likely the attack can be blocked with automated devices. In addition, the DDoS mitigation team has to track more details and to fight the attack on multiple fronts simultaneously. In this excerpt from their Q4 2013 Global DDoS Attack Report, Prolexic examines a recent attack that involved a dozen attack vectors, and explains how they fought back.
Prolexic DDoS Attack Report: A Multi-Vector DDoS Attack Spotlight
Q4 2013 DDoS Attack Spotlight: Multi-Vector Campaigns
Selected excerpts
Prolexic recently released the Q4 2013 Global Attack Report, which spotlights the following multi-vector distributed denial of service (DDoS) attack campaign against a global financial firm. This
DDoS campaign is a good example of how sophisticated malicious actors use a multi-pronged
approach to create attacks that are more difficult to stop and use every device at their disposal,
including mobile phones.
Multi-vector DDoS attack campaigns make DDoS mitigation more difficult. Multiple attack vectors
make it less likely the attack can be blocked with automated devices. In addition, the DDoS
mitigation team has to track more details and to fight the attack on multiple fronts simultaneously.
In this case, the attacks continued for four days, during which time Prolexic DDoS mitigation
experts monitored and responded to the attack in real-time day and night. Every time the attack
changed, the Prolexic DDoS mitigation engineers crafted a response to block the attack. In an
emerging trend seen in other recent DDoS attacks, mobile phones played a pivotal role in boosting
the strength of the attack.
The attack campaign spanned the globe, with Asian botnets playing a large role. The malicious
actors used botnets in Indonesia, China, the U.S. and Mexico. The source was hidden behind a super
proxy – an IP address that acts as an intermediary for tens of thousands of other computer
systems. To avoid blocking traffic from legitimate users of the super proxy, the DDoS mitigation
team at Prolexic had to use advanced mitigation technologies to isolate the malicious network
traffic from legitimate traffic.
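The paragraph above explains why blocking the super proxy's IP address was not an option. As an added illustration (not Prolexic's code; the excerpt does not describe their method), this Python example rate-limits on a request fingerprint instead of the shared source address. The field names, thresholds and sample traffic are constructed assumptions.

```python
import hashlib
from collections import namedtuple

# Constructed request record; fields are assumptions, not taken from the report.
Req = namedtuple("Req", "ts src_ip user_agent accept_lang path")
PROXY_IP = "198.51.100.7"  # constructed address (documentation range)

def fingerprint(r):
    """Key on request attributes, not the source IP, which every client shares."""
    raw = "|".join((r.user_agent, r.accept_lang, r.path))
    return hashlib.sha256(raw.encode()).hexdigest()[:12]

def abusive_fingerprints(reqs, window=10, limit=20):
    """Fingerprints that send more than `limit` requests in any `window` seconds."""
    by_fp = {}
    for r in sorted(reqs, key=lambda r: r.ts):
        by_fp.setdefault(fingerprint(r), []).append(r.ts)
    flagged = set()
    for fp, times in by_fp.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] >= window:  # slide the window forward
                start += 1
            if end - start + 1 > limit:
                flagged.add(fp)
                break
    return flagged

def filter_traffic(reqs, window=10, limit=20):
    """Split requests into (passed, dropped) without ever blocking by IP."""
    bad = abusive_fingerprints(reqs, window, limit)
    passed = [r for r in reqs if fingerprint(r) not in bad]
    dropped = [r for r in reqs if fingerprint(r) in bad]
    return passed, dropped

def sample_traffic():
    """Constructed sample: 15 ordinary requests and a 400-request flood, one IP."""
    legit = [Req(i * 3.0, PROXY_IP, f"Browser/{i % 5}", "en-US", f"/account/{i}")
             for i in range(15)]
    flood = [Req(i * 0.05, PROXY_IP, "FloodTool/1.0", "", "/login")
             for i in range(400)]
    return legit, flood

if __name__ == "__main__":
    legit, flood = sample_traffic()
    passed, dropped = filter_traffic(legit + flood)
    print(f"passed={len(passed)} dropped={len(dropped)} from {PROXY_IP}")
```

An IP-based block on the same input would have dropped all 415 requests, including the 15 legitimate ones.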
The campaign comprised at least 12 different attacks, some of which attempted to take down the
target by overwhelming the network layer (Layer 3) while others struck via the application layer
(Layer 7). The attack signatures indicated the malicious actors recruited voluntary and
involuntary participants in the botnet. In addition, unwitting domain name servers were
victimized via spoofing to launch distributed reflection denial of service (DrDoS) attacks against
the target.
Volunteers opted into the botnet with Low Orbit Ion Cannon
Botnets are usually formed when servers and personal computers are infected with a Trojan virus
or other malware that causes them to become unwitting participants in a DDoS botnet. Low Orbit
Ion Cannon, also known as LOIC, is a DDoS tool that takes a different approach. LOIC lets
supporters lend their computing resources by opting into a campaign. To become part of the
botnet, a participant simply downloads the tool and voluntarily connects to the attacker’s
command and control server. Once connected, the members of the Anonymous cooperative who
lead an attack can control the participating devices remotely via Internet relay chat (IRC) or a URL
shortening service, such as Bit.ly.
Apps for DDoS attacks
The Prolexic Security Engineering and Response Team (PLXsert), which analyzes DDoS attacks
globally, has observed an increasing use of mobile devices in DDoS campaigns, including this one.
This DDoS trend is most notable in markets such as Asia where the main means of access to the
Internet is a mobile phone.
Attack signatures matching AnDOSid, a DDoS attack tool for Android devices, and mobile LOIC
(Low Orbit Ion Cannon), a new Android app that was available from the official Google Play
app store in December 2013, were observed during the campaign. PLXsert expects a significant
increase in the number of mobile devices participating in future DDoS campaigns as the
availability and adoption of these tools become widespread.
Get the full Q4 2013 Global Attack Report with all the details
Each quarter Prolexic produces a DDoS attack report. As the world’s leading DDoS
mitigation provider, Prolexic is ideally positioned to collect valuable data on the origins, tactics,
types, and targets of DDoS attacks and identify emerging trends. Download the Q4 2013 Global
Attack Report for:
● More details about this attack
● Attack signatures used
● Global DDoS attack trends
● Year-over-year and quarter-by-quarter comparisons
● Types of attacks used
● Network protocols at risk for abuse by attackers
● Industries targeted
● Details about real attacks mitigated by Prolexic
● Case study about the Asian DDoS threat
The more you know about DDoS attacks, the better you can protect your network against
cybercrime. Download the free Q4 2013 Global Attack Report today.
About Prolexic
Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and
mitigation services. Learn more at http://www.prolexic.com.