Can you handle a DDOS-attack of 900,000 RPS?

According to a report published by the cyber threat analysis department of Thales in March, the share of cyber-attacks targeting European Union (EU) countries has risen from 9.8% to 46.5% in a period of 6 months. Especially, Denmark and Sweden have experienced one major denial of service attack after another – forcing websites and services down at everything from ministries and government agencies to airports and financial institutions. Subsequently, groups have targeted other hotspots in Europe as well, including French airports and Dutch harbor installations. Most recently we see a strong focus on Finland – especially after the country’s final accession to NATO.

The increasing number of DDOS-attacks are mainly coming from Russian hacktivist groups and pro-Russian hacker networks, as a response to the Ukrainian weapons aid programs of European governments. Groups like KillNet, NoName057 (16), Team Insane PK, Mysterious Team, Passion Group and perhaps the best known in Denmark, Anonymous Sudan, are all actively involved in setting up DDOS-attacks as pointed out in Radware’s Global Threat Analysis report 2022-2023.

The method used by the pro-Russian cybercriminals is a new type of HTTP DDOS Tsunami attack that is sophisticated, aggressive, and extremely difficult to detect and deflect without also blocking legitimate traffic. The new attacks simply have an excessive quantity of requests (requests per second) that overwhelm web servers and firewalls, forcing them into the ground. One of the wildest attacks recorded lasted four hours with a peak of 880,000 requests per second (RPS) followed by a similar attack occurred in two hours with an RPS of 740,000 (see Q2 2023 Nawas threat report).

The responsibility for stopping a DDOS attack has always rested with individual companies. But as attacks become fiercer, that method simply doesn’t work anymore as the more traditional, network-based DdoS protection and Web Application Firewall (WAF) are not equipped to mitigate the new types of DDOS-attacks. The new attacks are even designed to evade common signature-based monitoring solutions. This means that security teams have to spend hours and days analyzing traffic to set up new rules, which ultimately doesn’t matter because the attacking side will have replaced its attack surface with a new set of HTTP requests by then.

With DDOS-attacks being an ever-greater threat, digital resilience is ever more important for any company in any layer of society. To prevent damages companies must therefore create a detection-first strategy, to minimize the damages done by an attack. And second, organization must invest in DDOS-protection at the infrastructure level. By using Nawas anti-Ddos at AMS-IX companies can filter unwanted DDoS traffic at the transport protocol and port level with fine granularity. This will limit the harmful data throughput.

Do you want to know more of how we can protect your data traffic against Ddos attacks?