Lumen stops 1.06 Tbps DDoS attack in the company's largest mitigation to date

Intended victim experienced no downtime despite attacker's persistence.

  • 2 years ago Posted in

In its quarterly report on Distributed Denial of Service (DDoS) attacks, Lumen Technologies (NYSE: LUMN) revealed the company mitigated one of its largest ever – a 1.06 terabits per second (Tbps) attack that was part of a larger campaign targeting a single victim. Despite the size and complexity of the attempted attack, the target experienced no downtime.

Size was not the only notable element of the failed attack; it was also part of a larger campaign in which the threat actor attempted to leverage multiple techniques. These techniques are called out in the report as emerging trends in the second quarter.

Trend #1: Leveraging the cloud

Attackers leverage cloud-based services in a fraudulent way to significantly boost their attack capability.

To be successful at this type of attack, cybercriminals mask their acquisition and control of cloud-based services through compromised hosts or anonymizing services. The attacker then abuses the cloud providers' resources to launch volumetric attacks against their intended victims.

To learn how to avoid being a victim of compromised cloud services, read the full Q2 DDoS report.

"Using cloud and hosting providers to launch large DDoS attacks creates a unique challenge because it puts both the victim and the provider at risk," said Mark Dehus, director of threat intelligence for Black Lotus Labs, the threat research team at Lumen. "Cloud providers must be vigilant to ensure their services are not being abused. They should also have mitigation methodologies to limit the impact if a threat actor gains unauthorized or fraudulent access to resources."

Trend #2: Hit-and-run

Analysis from Black Lotus Labs revealed the 1.06 Tbps attack was part of a larger campaign that lasted 12 minutes. It began when the threat actor attempted to deploy a series of "hit-and-run" attacks. With this technique, victims are typically targeted with a series of consecutive or concurrent attacks that are relatively small in size and duration. Threat actors deploy these attacks to assess a potential victim's defenses and determine which attack methods – if any – will be successful.

The longest campaign Lumen mitigated in Q2 lasted 21 days, 8 hours.

Learn how to protect against hit-and-run attacks with Lumen DDoS Mitigation services.

Trend #3: VoIP targeting continues

Late last year, several researchers (including Lumen) began reporting on a rise in attacks targeting VoIP providers. In Q2 2022, one attack vector – Session Initiation Protocol (SIP) – stood out in the data. Although the number of SIP attacks that Lumen mitigated was relatively small – just 1.84% of all mitigations – they represented a 315% increase over Q1 2022, and a 475% increase over Q3 2021.

While the number of SIP attacks is low compared to tried-and-true methods, attacking SIP is considered a more surgical approach to disrupting VoIP services compared to DDoS brute-force methods like TCP-SYN flooding and UDP-based amplification. For more information about Lumen's previous research into VoIP attacks, read our Q4 2021 DDoS report.

"Organisations of all types can be victimized by DDoS attacks," said Dehus. "Using the intelligence and visibility from the Lumen Platform, Black Lotus Labs can protect Lumen DDoS customers with better insights from the ever-growing list of threats to business-critical systems and data."

Predictive maintenance and forecasting for security and failures will be a growing area for MSPs...
Venafi has published the findings of its latest research report: The Impact of Machine Identities...
Arctic Wolf to enhance its Security Operations Aurora Platform with best-in-class endpoint...
Nearly 50% of organisations have experienced a security breach in the last two years.
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t...
HP Wolf Security Study highlights cybersecurity challenges facing organizations across the...
Internal test shows estimated scanning speeds of 75,000 backups within 60 seconds.
Deployment allows Korea Hydro and Nuclear Plant (KHNP) to leverage quantum-safe MACsec technology...