An undisclosed streaming service was hit by a massive 13-day DDoS attack powered by a Mirai
Imperva confirmed that its systems were able to repel the attack and the service remained up and running during the DDoS attack.
“Targeting the authentication component of your site, this DDoS attack was led by a coordinating 402,000 different IPs, lasted 13 days and directed a peak flow of 292,000 RPS (Requests Per Second). Such a massive attack is more than possible — one of our CDN customers in the entertainment industry was hit by one earlier this spring,” reads the blog post published by Imperva.
According to Imperva, it was the largest Layer 7 DDoS attack it has ever seen.
The attack occurred between April and early May. It was an application-layer DDoS attack that generated more than 100,000 HTTP requests per second (RPS), peaking at 292,000 RPS. To mask their attack, the attackers used a legitimate User-Agent widely used by the entertainment industry customer service application.
The attackers attempted to saturate the authentication component of the streaming site.
Experts noticed that most of the IPs involved in the attack had the same open ports: 2000 and 7547. These ports are usually associated with Mirai infections. Researchers also revealed that the attack originated mainly from Brazil.
Experts explained that Layer 7 DDoS attacks are harder to counter.
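The traffic pattern described above, as an added example (not Imperva's code): with a peak of 292,000 RPS spread over 402,000 IPs, the average source sent less than one request per second, and the User-Agent was a legitimate one, so per-IP limits and User-Agent rules stay silent. The code below flags the flood from the aggregate rate on the authentication path instead; the log format, the `/login` path, the `ExampleServiceApp/1.0` User-Agent and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

AUTH_PATH = "/login"                 # assumed path of the authentication endpoint
LEGIT_UA = "ExampleServiceApp/1.0"   # hypothetical User-Agent of the legitimate client

def parse(line):
    """Parse a constructed 'epoch ip path user-agent' log line."""
    ts, ip, path, ua = line.split(" ", 3)
    return int(ts), ip, path, ua

def analyze(lines, rps_threshold=50, per_ip_limit=5):
    """Summarise each second of auth-endpoint traffic.

    A second is marked as a distributed flood when the aggregate rate exceeds
    rps_threshold although no single source exceeds per_ip_limit.
    """
    per_sec = defaultdict(lambda: defaultdict(int))  # second -> ip -> requests
    uas = defaultdict(set)                           # second -> User-Agents seen
    for line in lines:
        ts, ip, path, ua = parse(line)
        if path != AUTH_PATH:
            continue
        per_sec[ts][ip] += 1
        uas[ts].add(ua)
    findings = []
    for ts in sorted(per_sec):
        counts = per_sec[ts]
        total, top = sum(counts.values()), max(counts.values())
        findings.append({
            "second": ts,
            "rps": total,
            "distinct_ips": len(counts),
            "max_per_ip": top,
            # What the two naive rules would have caught in this second:
            "ua_rule_hits": sum(1 for ua in uas[ts] if ua != LEGIT_UA),
            "per_ip_rule_hits": sum(1 for c in counts.values() if c > per_ip_limit),
            "distributed_flood": total > rps_threshold and top <= per_ip_limit,
        })
    return findings

def sample_log():
    """Constructed traffic: 5 quiet seconds, then 2 seconds of 300 sources at 1 request each."""
    lines = []
    for s in range(5):
        lines += [f"{s} 198.51.100.{i} /login {LEGIT_UA}" for i in range(1, 4)]
        lines.append(f"{s} 198.51.100.9 /catalog {LEGIT_UA}")
    for s in (5, 6):
        lines += [f"{s} 10.{i // 250}.{i % 250}.7 /login {LEGIT_UA}" for i in range(300)]
    return lines

if __name__ == "__main__":
    for finding in analyze(sample_log()):
        print(finding)
```

In the flood seconds both naive rules report zero hits while the aggregate rate on the authentication path jumps a hundredfold, which is the signal worth alerting on.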
You need a third-party vendor that can handle both application-layer (Layer 7) DDoS attacks and network-layer (Layer 3/4) DDoS attacks.