In a blog post, CloudFlare has revealed that the US West Coast is likely to become the target of yet another huge DDoS attack, but this time it will be conducted with a different botnet than Mirai, which was used during the Dyn DNS attack that forced sites like Twitter, Amazon, PayPal etc. to go offline for hours.
The content delivery network states in the blog post that the company has been observing a flood of traffic for about two weeks. It seems to be coming from a single source. Seemingly, someone was first testing their abilities with a 9-to-5 attack schedule, and then the attack pattern shifted to 24 hours. This new botnet is either equal or superior to the Mirai botnet.
After observing the heavy attack traffic that literally peaked at 172MBPS and 400 gigabits per second, CloudFlare concluded that the botnet was being turned on and off by some person who was busy with a 9-to-5 job.
In the blog post, CloudFlare wrote:
“The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours, stopping at 0300 UTC. It felt as if an attacker ‘worked’ a day and then went home.”
For about a whole week, the same attacker was observed sending data packets in huge volumes every day. Then the schedule changed abruptly, and the attacker began working on a 24-hour basis. This hints that the attacking mechanism was taken over by another, highly organized group.
It is worth noting that the attack traffic wasn’t launched via the Mirai botnet; the attackers are using a different kind of software with different methods like “very large L3/L4 floods aimed at the TCP protocol.”
The company also noted that the attacks are now focused on locations that are smaller and fall within the jurisdiction of the US West Coast.
The revelation arrived soon after the special cyber-security commission of the White House issued recommendations and delivered the paper to the president. In the recommendations, it was urged that effective actions are required to mitigate and/or eliminate threats involving botnets.
The report issued by the White House’s Commission on Enhancing National Cyber-security basically highlights the vulnerable state of cyber-security nowadays, with the emergence of sophisticated DDoS attack methods like the Mirai botnet, which has been causing havoc lately.
The 100-page report contained recommendations on how the US government should tackle this issue. The bottom line was that the issue is much more severe than it seems on paper, and a lot needs to be done as soon as possible or else the situation will get out of hand.
The report has identified six imperatives and there are 16 recommendations along with 53 Action Items aimed at countering the threat. The crux of the report and the commission’s research is that the US government and the private sector must collaborate and work closely to devise ways for handling cyber-security related issues and vulnerabilities along with developing programs for handling such problems in future.
If CloudFlare’s analysis is correct, one can expect a DDoS attack more damaging than the previous one. Let’s see what’s coming next and who’s trying to shut down the Internet this time.