Security Operations, Network Security, Threat Intelligence

Fragmented DDoS campaign bypasses defenses with novel ‘low and slow’ approach

DDoS attack

A new report details one of the most fragmented DDoS campaigns ever recorded, where cybercriminals launched 2.45 billion malicious requests in five hours at a major user-generated content platform. This research reflects a concerning change in how threat actors are now bypassing traditional security, opting for a sophisticated "low and slow" approach instead of brute force, with further coverage provided by HackRead.

The attack, identified by DataDome's Galileo threat research team, utilized a vast infrastructure, distributing traffic across over 1.2 million unique IP addresses and 16,402 distinct Autonomous Systems (ASNs). No single network accounted for more than 3% of the total volume, making traditional IP blocking ineffective. The attackers employed a "pulsed cadence" strategy, averaging roughly one request every nine seconds per IP address, which stayed below standard rate-limiting thresholds.

Despite attempts to forge HTTP headers, cookies, and TLS fingerprints, the campaign was detected through behavioral analysis due to inconsistent TLS handshakes and unstable browser identification signals. This managed operation highlights the need for security teams to adopt detection models that analyze traffic behavior over time, rather than relying solely on static volume limits.

Source: HackRead

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds