An unidentified trading platform’s website was the target of an unprecedented and unique Layer 7 distributed denial of service (DDoS) attack using “headless browsers” that lasted more than 150 hours last week.
“The order of magnitude was significant. No one has 180,000 IPs at their disposal unless it’s an amalgamation of separate botnets they are using interchangeably. This was a sophisticated and thought-out process,” said Incapsula’s Marc Gaffan.
The unique form of the DDoS attack employed the PhantomJS headless browser toolkit, a tool used by application developers to test software by simulating an end-user’s behavior in order to find any bugs and glitches.
Utilizing the “headless browser” technique is rare at best, and the attackers in this instance employed 861 different variants to produce as many as 700 million hits per day on the targeted systems.
“We don’t see PhantomJS as much. What we do see are attackers creating hidden [Internet Explorer] browsers that actually are full-function browsers and are even more sophisticated at bypassing detection mechanisms,” said Arbor Networks’ Marc Eisenbarth.
Layer 7 DDoS attacks target the application layer, as opposed to more traditional DDoS attacks, which focus on hitting the network layer. That makes them much less difficult to orchestrate, but they require a higher level of technical prowess.
Such attacks are not likely to be undertaken by the likes of hacktivists, and typically would be motivated by some sort of financial incentive.
“Obviously, someone was upset at them,” said Eisenbarth.