Attackers launch multi-vector DDoS attacks that use DNSSEC amplification

DDoS attacks are becoming increasingly sophisticated, combining multiple attack techniques that require different mitigation strategies, and abusing new protocols.

Incident responders from Akamai recently helped mitigate a DDoS attack against an unnamed European media organization that peaked at 363G bps (bits per second) and 57 million packets per second.

While the size itself was impressive and way above what a single organization could fight off on its own, the attack also stood out because it combined six different techniques, or vectors: DNS reflection, SYN flood, UDP fragment, PUSH flood, TCP flood, and UDP flood.

Almost 60 percent of all DDoS attacks observed during the first quarter of this year were multi-vector attacks, Akamai said in a report released last month. The majority of them used two vectors, and only 2 percent used five or more techniques.

To read this article in full or to leave a comment, please click here