A new report details one of the most fragmented DDoS campaigns ever recorded, where cybercriminals launched 2.45 billion malicious requests in five hours at a major user-generated content platform. This research reflects a concerning change in how threat actors are now bypassing traditional security, opting for a sophisticated "low and slow" approach instead of brute force, with further coverage provided by HackRead.The attack, identified by DataDome's Galileo threat research team, utilized a vast infrastructure, distributing traffic across over 1.2 million unique IP addresses and 16,402 distinct Autonomous Systems (ASNs). No single network accounted for more than 3% of the total volume, making traditional IP blocking ineffective. The attackers employed a "pulsed cadence" strategy, averaging roughly one request every nine seconds per IP address, which stayed below standard rate-limiting thresholds.Despite attempts to forge HTTP headers, cookies, and TLS fingerprints, the campaign was detected through behavioral analysis due to inconsistent TLS handshakes and unstable browser identification signals. This managed operation highlights the need for security teams to adopt detection models that analyze traffic behavior over time, rather than relying solely on static volume limits.Source: HackRead
Security Operations, Network Security, Threat Intelligence
Fragmented DDoS campaign bypasses defenses with novel ‘low and slow’ approach

(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



