TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

DDoS Against a Financial Service: Analysis of a Massive Attack

2021-08-23 · Read original ↗

ATT&CK techniques detected

9 predictions
T1071.001 Web Protocols
86%
“…and Australia, which accounted for 80.6% of the traffic observed (Figure 2). These are all countries with robust and modern Internet connectivity. The other 19.4% of the traffic observed was much more diverse. It included traffic from several countries in Western and East…”
T1498 Network Denial of Service
82%
“DDoS Against a Financial Service: Analysis of a Massive Attack. F5 Labs analyzes threats and attacks based on multiple diverse data sources, one being the F5 Security Operations Center (SOC), which provides F5 Silverline DDoS mitigation services to customers and clients. The SO…”
T1071.001 Web Protocols
63%
“…different devices in many different countries and used typical Internet routing to reach the target. F5 Labs, with the help of Silverline staff, retrieved a small sample of attacking IP addresses to investigate this attack further. While the data set we obtained was quite small (…”
T1498.001 Direct Network Flood
59%
“DDoS Against a Financial Service: Analysis of a Massive Attack. F5 Labs analyzes threats and attacks based on multiple diverse data sources, one being the F5 Security Operations Center (SOC), which provides F5 Silverline DDoS mitigation services to customers and clients. The SO…”
T1498 Network Denial of Service
58%
“…‘MikroTik Case Study (Extended).’[1] Conclusion. In this specific, real-world example, a large DDoS attack was observed to use standard, known techniques, ostensibly because such techniques still work quite well. The collection of attacking IP addresses was formed from devices…”
T1498 Network Denial of Service
57%
“…legitimate traffic pass-through remained at normal levels, about 25 Mbps. At its highest peak, the attack caused 33,599 times the normal amount of traffic. Eight Minutes and Two Peaks. After the start of the attack, traffic rose rapidly over the next two minutes to the first…”
T1498.001 Direct Network Flood
48%
“…‘MikroTik Case Study (Extended).’[1] Conclusion. In this specific, real-world example, a large DDoS attack was observed to use standard, known techniques, ostensibly because such techniques still work quite well. The collection of attacking IP addresses was formed from devices…”
T1499 Endpoint Denial of Service
36%
“DDoS Against a Financial Service: Analysis of a Massive Attack. F5 Labs analyzes threats and attacks based on multiple diverse data sources, one being the F5 Security Operations Center (SOC), which provides F5 Silverline DDoS mitigation services to customers and clients. The SO…”
T1498.001 Direct Network Flood
30%
“…legitimate traffic pass-through remained at normal levels, about 25 Mbps. At its highest peak, the attack caused 33,599 times the normal amount of traffic. Eight Minutes and Two Peaks. After the start of the attack, traffic rose rapidly over the next two minutes to the first…”
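The excerpts above give the two numbers a volumetric detection for T1498 / T1498.001 actually hinges on: a legitimate baseline of about 25 Mbps and a peak of 33,599 times that baseline, reached within a couple of minutes of onset. The following is an added example, not code from the F5 Labs article or from TTPwire: it learns a baseline from a quiet window, converts each bandwidth sample into a ratio against that baseline, and reports the onset minute and the peak ratio. The per-minute traffic series is constructed for illustration; the article publishes only the baseline, the peak multiplier and the rough two-minute ramp, so the shape of the curve, the 50x threshold and the two-sample sustain window are assumptions.

```python
"""Volumetric DDoS (ATT&CK T1498) onset and peak detection over a
bandwidth time series.

Added example; not code from the F5 Labs article or from TTPwire.
Only the ~25 Mbps legitimate baseline and the ~33,599x peak come from
the article's figures; the minute-by-minute series, the threshold and
the sustain window are constructed assumptions.
"""
from statistics import median

# Constructed one-minute ingress samples in Mbps (assumption: the article
# does not publish a per-minute series). Eight quiet minutes, then a
# two-minute ramp to the first peak, a second peak, and mitigation.
SAMPLES_MBPS = [
    24.0, 26.0, 25.0, 25.5, 24.5, 25.0, 26.0, 25.0,   # quiet baseline
    410_000.0, 839_975.0,                              # ramp to first peak
    600_000.0, 820_000.0, 300_000.0, 25.0, 25.0,       # second peak, mitigation
]


def baseline_mbps(samples, warmup):
    """Median of the first `warmup` samples.

    The median rather than the mean is used so that a single stray spike
    inside the learning window does not inflate the baseline and mask the
    real onset.
    """
    if warmup <= 0 or warmup > len(samples):
        raise ValueError("warmup must be within the sample range")
    base = median(samples[:warmup])
    if base <= 0:
        raise ValueError("baseline must be positive to form a ratio")
    return base


def detect_flood(samples, warmup=8, ratio_threshold=50.0, sustain=2):
    """Return (onset_index, peak_ratio, peak_index) for a sample series.

    onset_index is the first of `sustain` consecutive samples at or above
    `ratio_threshold` times the baseline, or None if no flood is seen.
    Requiring a sustained run avoids paging on a one-sample blip; the
    ramp in the article took about two minutes, so two samples is enough
    to confirm it without adding much delay.
    """
    base = baseline_mbps(samples, warmup)
    ratios = [s / base for s in samples]

    onset = None
    run = 0
    for i in range(warmup, len(samples)):
        if ratios[i] >= ratio_threshold:
            run += 1
            if run == sustain and onset is None:
                onset = i - sustain + 1
        else:
            run = 0

    peak_index = max(range(len(ratios)), key=ratios.__getitem__)
    return onset, ratios[peak_index], peak_index


if __name__ == "__main__":
    onset, peak_ratio, peak_index = detect_flood(SAMPLES_MBPS)
    print(f"baseline {baseline_mbps(SAMPLES_MBPS, 8):.1f} Mbps, "
          f"onset at minute {onset}, peak {peak_ratio:,.0f}x at minute {peak_index}")
```

With the constructed series the baseline comes out at 25.0 Mbps, onset is flagged at minute 8 (the first sample of the ramp) and the peak ratio is 33,599x at minute 9, matching the article's multiplier. On real data the threshold should be tuned to the link's normal burst behaviour; a 50x jump is unambiguous for a 25 Mbps service but would be far too coarse for a saturated multi-gigabit link.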

Summary

A detailed look at an 840-Gbps DDoS attack on a financial services provider and a deeper dive into attacking nodes.