5 DDoS Attacks That Your DDoS Mitigation May Not Prevent

In Q2 2023, there were 44,000 DDoS attacks every single day, a 31% increase on 2022. 

DDoS attacks are designed to overwhelm a network with traffic, disrupting service or shutting down access to legitimate traffic, and impacting not just the target organization, but its customers, partners, and other stakeholders, too. 

To meet the growing risk of sophisticated DDoS attacks, today’s enterprises need more visibility than they can get from a DDoS mitigation service — which only analyzes the data of its customers.  

2024 Top 5 Common DDoS Attacks:

  1. Brobot Attack

  2. SSL Negotiation Attack

  3. HTTPS Flood — Browser Simulation

  4. MHDDOS GET HTTPS

  5. ACK-PSH Flood

Additionally, DDoS mitigation vendors can only share information on DDoS attacks they were able to stop. They can’t always share information on attacks they couldn’t block – simply because they are often unaware that they occurred.  

At MazeBolt, we take a uniquely holistic view, working to uncover the vulnerabilities that occur in any mitigation service. Based on thousands of hours of DDoS attack simulations, we’ve uncovered the five most common DDoS attacks that break through even the best DDoS mitigation solutions.

1. Brobot Attack

The Brobot simulation attack was designed to overwhelm web server resources by continuously requesting single or multiple URLs from many source-attacking machines.

Brobot typically alters its user agent dynamically and can change HTTP method types (GET/POST). Brobot can also add a suffix to the end of URLs, which enables the request to bypass CDN systems. When the server's limit of concurrent connections is reached, the server can no longer respond to legitimate requests from other users.

Typical DDoS mitigation mechanism: Bot detection, and HTTP challenge


2. SSL Negotiation Attack

An SSL Negotiation attack attempts to establish many new SSL handshakes with the targeted server.

Each handshake in this attack is a new TCP connection, and the attack affects the target server by opening and closing many such connections. Additionally, SSL handshakes are up to fifteen times more CPU-intensive on the server than on the client and consume much more server CPU than a typical HTTP request. So while the server may not be completely down under such an attack, it may be unable to establish any new SSL connections, effectively leaving that SSL service unavailable.

Typical DDoS mitigation mechanism: Auto Signatures
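Because every handshake in this attack is a fresh TCP connection that is opened and closed, one defensive signal is a source that completes many handshakes in a short window without ever sending a request. The Python sketch below is an added example, not MazeBolt's code; the record layout, window, threshold and sample addresses are assumptions.

```python
from collections import defaultdict, deque

# Constructed connection records (not real traffic):
# (seconds, source_ip, tls_handshake_done, app_bytes_from_client)
SAMPLE_CONNS = (
    # 40 handshakes in 4 s, no request ever sent
    [(t * 0.1, "203.0.113.7", True, 0) for t in range(40)]
    # ordinary client: few handshakes, each followed by a request
    + [(t * 2.0, "198.51.100.9", True, 800) for t in range(5)]
    # busy client without keep-alive: many handshakes, but all carry requests
    + [(t * 0.1, "192.0.2.44", True, 600) for t in range(40)]
)


def empty_handshake_sources(conns, window=5.0, threshold=20):
    """Return {ip: peak} for sources whose handshake-only connections
    inside a sliding `window` (seconds) reach `threshold`."""
    recent = defaultdict(deque)   # ip -> timestamps of handshake-only connections
    peaks = {}
    for ts, ip, handshake_done, app_bytes in sorted(conns):
        if not handshake_done or app_bytes > 0:
            continue              # connection carried real application data
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # expire entries older than the window
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


if __name__ == "__main__":
    print(empty_handshake_sources(SAMPLE_CONNS))
```

Counting only handshake-only connections keeps the busy but legitimate client out of the result even though its handshake rate matches the flooding source.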


3. HTTPS Flood — Browser Simulation

HTTP/S floods with browser simulation are designed to overwhelm web server resources by continuously requesting single or multiple URLs from many source-attacking machines. Unlike normal HTTP floods, this approach interprets JavaScript and fetches all page-related resources like images and CSS, maintaining proper sessions and cookies. Such behavior makes those floods capable of bypassing DDoS mitigation mechanisms. As traffic volume in HTTP floods is often under detection thresholds, traditional rate-based volumetric detection is often ineffective.

A custom-crafted attack using browser simulation can also be enhanced with fake form submissions, mouse movements, and other malicious operations that fall under the definition of normal visitor behavior. 

When a limit of concurrent connections is reached on the attacked server, the server can no longer respond to legitimate requests from other users, effectively causing a denial of service.

Typical DDoS mitigation mechanism: HTTP web challenges, custom signatures


4. MHDDOS GET HTTPS

GET-MHDDOS is an HTTP flood designed to overwhelm web server resources by continuously requesting single or multiple URLs from many source-attacking machines based on the MHDDOS attack tool. MHDDOS contains multiple attack vectors designed to bypass various DDoS mitigation types.

While generating GET requests, the attack also uses a large pool of user agents and referrers. When the server’s limit of concurrent connections is reached, the server can no longer respond to legitimate requests from other users.

Typical DDoS mitigation mechanism: Web-based challenges (redirect, JS, etc.)
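The user-agent rotation and URL suffixes described for Brobot, and the user-agent and referrer pools described in this section, leave a trace in web server access logs. The Python sketch below is an added example, not MazeBolt's code: it profiles each source in a constructed combined-format log and reports which of those signals it shows. The thresholds, sample addresses and function names are assumptions.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

def _line(ip, method, url, ref, ua):
    """Build one constructed combined-log line."""
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{method} {url} HTTP/1.1" 200 512 "{ref}" "{ua}"'

# Constructed sample log (not real traffic): one normal client and two rotating sources.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.9", "GET", "/index.html", "https://shop.example/", "Mozilla/5.0 (Windows NT 10.0)")] * 6
    + [_line("203.0.113.7", "GET" if i % 2 else "POST", f"/index.html?{i * 7919}", "-", f"Agent-{i}/1.0")
       for i in range(6)]
    + [_line("203.0.113.8", "GET", "/login", f"https://ref{i}.example/", f"Agent-{i}/2.0")
       for i in range(6)]
)

def profile_sources(log_text):
    """Per source IP: request count, distinct agents/referrers, suffix variants per path."""
    stats = defaultdict(lambda: {"requests": 0, "agents": set(), "referrers": set(),
                                 "variants": defaultdict(set)})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path, _, suffix = m["url"].partition("?")   # suffix = part a cache key would include
        s = stats[m["ip"]]
        s["requests"] += 1
        s["agents"].add(m["ua"])
        s["referrers"].add(m["ref"])
        s["variants"][path].add(suffix)
    return stats

def flag_rotating_sources(log_text, min_requests=5, min_ratio=0.8):
    """Return {ip: [signals]} for sources that change user agent on nearly every request."""
    findings = {}
    for ip, s in profile_sources(log_text).items():
        n = s["requests"]
        if n < min_requests or len(s["agents"]) / n < min_ratio:
            continue
        reasons = ["rotating user agent"]
        if max(len(v) for v in s["variants"].values()) / n >= min_ratio:
            reasons.append("cache-busting URL suffix")   # same path, new suffix each time
        if len(s["referrers"]) / n >= min_ratio:
            reasons.append("rotating referrer")
        findings[ip] = reasons
    return findings
```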


5. ACK-PSH Flood

An ACK-PSH flood is designed to disrupt network activity by saturating bandwidth and resources on stateful devices in its path.

Continuously sending ACK-PSH packets towards a target can take stateful defenses down (in some cases into a fail-open mode). This flood could also be used as a smoke screen for more advanced attacks. This is true for other out-of-state floods, too.

Typical DDoS mitigation mechanism: Out-of-state packets mitigation, AI protections
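Out-of-state mitigation comes down to checking each segment against tracked connection state and dropping whatever matches no flow, without allocating state for it. The Python sketch below is an added example, not MazeBolt's code; the packet tuples, sample addresses and the simplified three-step handshake tracking are assumptions.

```python
from collections import Counter

SYN, ACK, PSH, FIN, RST = 0x02, 0x10, 0x08, 0x01, 0x04   # TCP flag bits

# Constructed packets (not real traffic): (direction, client_ip, client_port, flags)
SAMPLE_PACKETS = [
    ("c2s", "198.51.100.9", 40000, SYN),
    ("s2c", "198.51.100.9", 40000, SYN | ACK),
    ("c2s", "198.51.100.9", 40000, ACK),
    ("c2s", "198.51.100.9", 40000, ACK | PSH),            # legitimate data segment
] + [("c2s", "203.0.113.7", 50000 + i, ACK | PSH) for i in range(5)]   # no handshake


def classify(packets):
    """Return (verdicts, out_of_state_per_source, flow_table_size)."""
    flows = {}                 # (client_ip, client_port) -> handshake state
    out_of_state = Counter()
    verdicts = []
    for direction, ip, port, flags in packets:
        key = (ip, port)
        state = flows.get(key)
        if direction == "c2s" and flags == SYN:
            flows[key] = "SYN_RCVD"
        elif direction == "s2c" and flags == SYN | ACK and state == "SYN_RCVD":
            flows[key] = "SYN_ACK_SENT"
        elif direction == "c2s" and flags == ACK and state == "SYN_ACK_SENT":
            flows[key] = "ESTABLISHED"
        elif state == "ESTABLISHED":
            if flags & (FIN | RST):
                del flows[key]   # simplification: tear down on first FIN/RST
        else:
            # Out of state: drop and create no table entry, so the flood
            # cannot grow the state table it is trying to exhaust.
            if direction == "c2s":
                out_of_state[ip] += 1
            verdicts.append("drop")
            continue
        verdicts.append("pass")
    return verdicts, out_of_state, len(flows)


if __name__ == "__main__":
    print(classify(SAMPLE_PACKETS))
```

The per-source counter is the figure to alert on: a burst of out-of-state drops is also the point at which to look for the other activity such a flood may be masking.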


Achieve Business Continuity with Continuous DDoS Testing

These attack vectors are not new, yet our data research shows that they are the ones most regularly breaking through DDoS defenses, negatively impacting business continuity, reputation, and revenues. As IT environments become increasingly complex, the main method of testing resilience, sporadic red team testing, is clearly failing to ensure DDoS protection is doing its job.

The truth is, with a fear of negatively impacting business continuity, red teams are given too limited a window to try all attack vectors on all targets, which means while your organization may be marked secure from one kind of threat – there are dozens more waiting to take its place. 

In contrast, with MazeBolt's automated DDoS testing solution, RADAR™, organizations can test continuously across all online services and against all known attack vectors (150 and counting). Best of all, they can do this without downtime to online services. Any vulnerabilities in your environment or in existing DDoS prevention tools are flagged for your attention, alongside recommended steps for mitigation. Once those steps have been implemented, you can test again immediately and gain the peace of mind that the issue is fully in the rearview mirror.

Interested in whether you’re vulnerable to any of these top 5 DDoS attacks that sidestep DDoS mitigation solutions? Schedule a demo of RADAR, and find out. 
