Generally, a DDoS assault pattern can be characterized as a continuous wave with a gradual ramp-up that builds to a peak and is followed by either a slow or a sudden drop.
The attack pattern observed by Imperva Incapsula is instead composed of a series of short-lived pulses repeating in a continuous, clockwork-like sequence.
This pattern was involved in some of the most brutal DDoS attacks that happened in the second quarter of 2017. In the worst cases, these attacks continued for days and consumed as much as 350 Gbps.
Unlike a classic DDoS attack, a pulse wave attack has no ramp-up period: all the sources are committed at once and continue over its duration.
Security experts from Imperva say attackers follow highly repetitive patterns, with pulses returning every 10 minutes and the attack lasting for hours or days. A single pulse (10 Gbps or more) is more than enough to congest a network pipe.
Imperva says that pulse wave DDoS incidents most likely come from experienced attackers who allocate their attack resources to launch multiple strikes at the same time.
If that is true, the interval between pulses is being used to mount a secondary strike on a different target.
DDoS mitigation hardware is designed to serve as the first line of defense; if traffic exceeds its capacity limits, it activates the cloud and redirects all the traffic for the duration of the assault.
The most important point here is that the appliance and the cloud need to communicate with each other continually for the failover to occur properly. This is suitable for classic DDoS attacks but not for the pulse wave.
With pulse wave attacks the traffic comes fast and furious, so the local appliance is flooded and has no time or bandwidth to communicate with the cloud service.
Even if the cloud is configured to activate automatically, it still takes some time to check availability, which results in downtime of seconds or minutes.
Pulse wave traffic is huge and short-lived, which forces the hybrid appliance to switch the router settings continuously. By the time the cloud comes in, the pulse is almost over, which leads to deactivation of the cloud, and traffic is again routed to the hybrid appliance.
"Once that point is reached, the best an operator can hope for is to activate the cloud in an always-on mode, something for which appliance-first hybrids were never designed," Imperva adds.
By repeatedly hitting this weak spot with large and immediate force, pulse wave attacks send the entire system into chaos, persistently holding off the engagement of an effective cleansing process.
For an industrial organization, each such instance also translates into tens of thousands of dollars in direct and indirect damages.
"To counter these threats, the hybrid mitigation industry should move away from the appliance-first solution. It should instead adopt a new topology that deploys the cloud as the first line of defense," Zeifman adds.
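The failover timing problem described above can be reproduced with a small per-second simulation, given here as an added example that is not from Imperva or the original article. The 10-minute pulse interval and the 10 Gbps pulse size come from the text; the pulse width, appliance capacity, activation delay and release timer are assumed values chosen for illustration.

```python
# Added illustration: per-second model of appliance-first hybrid failover under
# pulse wave traffic. All numeric defaults except the 10-minute period and the
# 10 Gbps pulse size are constructed assumptions, not measurements.

def pulse_gbps(t, period=600, width=120, peak=10.0, base=0.5):
    """Traffic at second t: a flat-topped pulse with no ramp-up, then baseline."""
    return peak if t % period < width else base

def simulate(seconds=7200, capacity=5.0, activate_delay=90, quiet_release=180,
             always_on=False, width=120):
    """Return (downtime_seconds, route_switches) for one mitigation policy.

    capacity       -- what the on-premises appliance/link can absorb (Gbps)
    activate_delay -- seconds of overload before cloud failover takes effect
    quiet_release  -- calm seconds after which traffic is routed back on-prem
    always_on      -- cloud is the first line of defense and is never released
    """
    cloud_on, waited, quiet = always_on, 0, 0
    downtime = switches = 0
    for t in range(seconds):
        over = pulse_gbps(t, width=width) > capacity
        if cloud_on:
            if always_on:
                continue                # cloud assumed large enough to absorb the pulse
            quiet = 0 if over else quiet + 1
            if quiet >= quiet_release:  # pulse gone: fail back to the appliance
                cloud_on, switches = False, switches + 1
        elif over:
            downtime += 1               # appliance saturated, failover still pending
            waited += 1
            if waited >= activate_delay:
                cloud_on, waited, quiet, switches = True, 0, 0, switches + 1
        else:
            waited = 0                  # pulse ended before failover completed
    return downtime, switches

if __name__ == "__main__":
    for label, kw in [("appliance-first", {}),
                      ("appliance-first, 60 s pulses", {"width": 60}),
                      ("cloud always-on", {"always_on": True})]:
        down, sw = simulate(**kw)
        print(f"{label:30s} downtime={down:5d}s  route switches={sw}")
```

Under these assumptions the appliance-first policy pays the activation delay again on every pulse, and when the pulse is shorter than the delay the cloud never engages at all.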
You can download the white paper published by Imperva for a detailed analysis of this DDoS attack technique.