A new technique of launching distributed denial-of-service (DDoS) attacks called “pulse wave” can be highly effective against organizations and cause problems to certain DDoS mitigation solutions, enabling attackers to down servers previously thought to be secured.
The technique has been discovered by Imperva Incapsula and the name “Pulse Wave” comes from the look of its attack chart, shaped in the form of abrupt repeating pulses.
Imperva Incapsula said that the attackers were able to prepare a 300Gbps botnet in just a few seconds, then scale back that traffic just as quickly. This drove the company to believe the botnet was operating at full capacity all the time and simply switching targets as required. That way the attacker doesn’t have to gradually prepare the botnet for a single target and can rather attack multiple services with little to no downtime.
According to Incapsula:
“A pulse wave attack, having no ramp-up time, represents a worst case scenario for any network defended by such hybrids. As soon as the first pulse hits, it immediately congests the traffic pipe—cutting off the network’s ability to communicate with the outside world. This not only results in a denial of service, but also prevents the mitigation appliance from activating the cloud scrubbing platform. […] For the pulse duration, the entire network shuts down completely. By the time it recovers, another pulse shuts it down again, ad nauseam.”
Imperva said that pulse wave attacks have targeted gaming and business technology organizations over the last few months. The company also said that it expects this kind of attack to trickle down to lower priority victims as attackers recognize they can achieve twice as much with the same number of bots.