Imperva coped with a DDoS attack with a capacity of 2.5 million requests per second

Imperva coped with a DDoS attack
Written by Emma Davis

Security firm Imperva reported that they recently copd with a ransomware DDoS attack targeting an unnamed website that peaked at 2.5 million requests per second.

The researchers say that an unnamed organization affected by the aforementioned attack received several ransom notes, including those integrated into the attack itself.

While ransomware DDoS attacks are not new, they evolve and become more interesting over time, with each subsequent stage of their evolution. For example, we have seen cases where the ransom demand was embedded right into the URL request.the company’s analysts write.

More about this source textSource text required for additional translation information

Imperva coped with a DDoS attack

Send feedback

Imperva coped with a DDoS attack

Side panels

The attackers wanted the company to make a payment in bitcoin, otherwise they threatened to take it offline, which would cause the victim to lose “hundreds of millions of market capitalization.”

At the same time, the attackers called themselves REvil, that is, the name of the infamous extortionist group, whose activities were stopped by law enforcement officers at the beginning of this year.

It is not clear if the threats actually came from the original hack group REvil or from an impostor.Imperva carefully notes.

The 2.5 million requests per second attack reportedly lasted less than a minute, with one of the subsites operated by the same victim company experiencing a similar attack that lasted for about 10 minutes and constantly changed vectors to prevent possible mitigation.

Imperva believes that the attack came from the previously infamous Mēris botnet, which continues to use the already patched vulnerability in Mikrotik routers (CVE-2018-14847) for its operations.

The main source of attack was Indonesia, followed by the US, China, Brazil, India, Colombia, Russia, Thailand, Mexico and Argentina.

Imperva coped with a DDoS attack

The types of sites that attackers are after are business sites dedicated to sales and communications. Targets are usually based in the US or European countries, and they have one thing in common: they are all listed companies, and attackers use this fact to their advantage, citing the potential damage that an attack can cause to the company’s share price.experts say.

Let me remind you that we also talked about the fact that TsuNAME vulnerability can be exploited for DDoS attacks on DNS servers.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply