A recent Cisco report found that 42 percent of organizations experienced “burst” distributed denial of service (DDoS) attacks in 2017. Burst attacks, otherwise known as Pulse-Wave attacks, are gaining favor among hackers because they enable perpetrators to attack multiple targets, one after another, with short, high-volume traffic bursts in a rapidly repeating cycle. Corero’s DDoS research suggests that a likely reason for the “bursting” observed in pulsed DDoS attacks is the timesharing or multiplexing of attack botnets, probably between two or more simultaneous targets of a DDoS-for-hire booter/stresser service. The hackers make more money by harnessing the power of one large botnet to service more than one customer simultaneously. Once a botnet is up and running, they can hit one target with a burst, switch quickly to hit another target with a burst, and then alternate between the targets.
This points to the increasing sophistication of hackers, both in their ability to better leverage large botnets and in developing mechanisms that can evade detection. With short burst attacks, hackers can ramp up the attack traffic faster and increase the chances of evading legacy protection on a network. These short-duration burst attacks can also deliver more calculated, non-saturating traffic volumes, rather than relying on traditional massive brute-force attacks. Such surgical attacks are often crafted specifically to fly under the radar of conventional DDoS protection, as they can blend in with regular traffic volumes. Similar to a sleight of hand, while the target organization focuses on the ramifications of the DDoS attack, other attacks are launched to infiltrate the network and carry out activities such as exfiltrating valuable data.
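The following detection sketch shows why short bursts can stay under a long-window volume check while a per-second view exposes both the bursts and their repeating cycle. It is an added example, not taken from the Cisco or Corero material; the per-second samples, the 5-minute averaging check standing in for legacy protection, and every threshold are constructed assumptions.

```python
"""Constructed example: flag pulse-wave bursts in per-second packet counts."""
from statistics import median

def coarse_alarm(pps, window=300, threshold=50_000):
    """Assumed legacy-style check: alarm only if a whole window's mean rate exceeds threshold."""
    return any(sum(pps[i:i + window]) / window > threshold
               for i in range(0, len(pps) - window + 1, window))

def find_bursts(pps, factor=5, min_len=3):
    """Return (start, end) second offsets where the rate stays above factor * median baseline."""
    limit = factor * median(pps)
    bursts, start = [], None
    for t, rate in enumerate(pps + [0]):  # trailing 0 closes a burst still open at the end
        if rate > limit and start is None:
            start = t
        elif rate <= limit and start is not None:
            if t - start >= min_len:
                bursts.append((start, t))
            start = None
    return bursts

def pulse_period(bursts, tolerance=2):
    """Return the repeat interval in seconds if burst starts are evenly spaced, else None."""
    gaps = [b[0] - a[0] for a, b in zip(bursts, bursts[1:])]
    if len(gaps) < 2 or max(gaps) - min(gaps) > tolerance:
        return None
    return round(sum(gaps) / len(gaps))

def sample_traffic():
    """Constructed input: 600 s at 10k pps with a 10 s burst of 200k pps every 60 s."""
    return [200_000 if 20 <= t % 60 < 30 else 10_000 for t in range(600)]

if __name__ == "__main__":
    pps = sample_traffic()
    bursts = find_bursts(pps)
    print("coarse 5-minute alarm:", coarse_alarm(pps))
    print("bursts found:", len(bursts), "period (s):", pulse_period(bursts))
```

A regular period in the burst starts is the signal worth alerting on, since it separates a repeating pulse pattern from a one-off traffic spike.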