Lumen stops 1.06 Tbps DDoS attack

Intended victim experienced no downtime despite attacker's persistence. #pressrelease

August 9, 2022

2 Min Read

DENVER – In its quarterly report on Distributed Denial of Service (DDoS) attacks, Lumen Technologies (NYSE: LUMN) revealed the company mitigated one of its largest ever – a 1.06 terabits per second (Tbps) attack that was part of a larger campaign targeting a single victim. Despite the size and complexity of the attempted attack, the target experienced no downtime.

Size was not the only notable element of the failed attack; it was also part of a larger campaign in which the threat actor attempted to leverage multiple techniques. These techniques are called out in the report as emerging trends in the second quarter.

Trend #1: Leveraging the cloud

Attackers leverage cloud-based services in a fraudulent way to significantly boost their attack capability.

To be successful at this type of attack, cybercriminals mask their acquisition and control of cloud-based services through compromised hosts or anonymizing services. The attacker then abuses the cloud providers’ resources to launch volumetric attacks against their intended victims.

To learn how to avoid being a victim of compromised cloud services, read the full Q2 DDoS report.

Trend #2: Hit-and-run

Analysis from Black Lotus Labs revealed the 1.06 Tbps attack was part of a larger campaign that lasted 12 minutes. It began when the threat actor attempted to deploy a series of “hit-and-run” attacks. With this technique, victims are typically targeted with a series of consecutive or concurrent attacks that are relatively small in size and duration. Threat actors deploy these attacks to assess a potential victim’s defenses and determine which attack methods – if any – will be successful.

The longest campaign Lumen mitigated in Q2 lasted 21 days, 8 hours.

Learn how to protect against hit-and-run attacks with Lumen DDoS Mitigation services.

Trend #3: VoIP targeting continues

Late last year, several researchers (including Lumen) began reporting on a rise in attacks targeting VoIP providers. In Q2 2022, one attack vector – Session Initiation Protocol (SIP) – stood out in the data. Although the number of SIP attacks that Lumen mitigated was relatively small – just 1.84% of all mitigations – they represented a 315% increase over Q1 2022, and a 475% increase over Q3 2021.

While the number of SIP attacks is low compared to tried-and-true methods, attacking SIP is considered a more surgical approach to disrupting VoIP services compared to DDoS brute-force methods like TCP-SYN flooding and UDP-based amplification. For more information about Lumen’s previous research into VoIP attacks, read our Q4 2021 DDoS report.

Read the full press release here.


Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like