Lumen stops 1.06 Tbps DDoS attack

DENVER – In its quarterly report on Distributed Denial of Service (DDoS) attacks, Lumen Technologies (NYSE: LUMN) revealed the company mitigated one of its largest ever – a 1.06 terabits per second (Tbps) attack that was part of a larger campaign targeting a single victim. Despite the size and complexity of the attempted attack, the target experienced no downtime.

Size was not the only notable element of the failed attack; it was also part of a larger campaign in which the threat actor attempted to leverage multiple techniques. These techniques are called out in the report as emerging trends in the second quarter.

Trend #1: Leveraging the cloud

Attackers leverage cloud-based services in a fraudulent way to significantly boost their attack capability.

To be successful at this type of attack, cybercriminals mask their acquisition and control of cloud-based services through compromised hosts or anonymizing services. The attacker then abuses the cloud providers’ resources to launch volumetric attacks against their intended victims.

To learn how to avoid being a victim of compromised cloud services, read the full Q2 DDoS report.

Trend #2: Hit-and-run

Analysis from Black Lotus Labs revealed the 1.06 Tbps attack was part of a larger campaign that lasted 12 minutes. It began when the threat actor attempted to deploy a series of “hit-and-run” attacks. With this technique, victims are typically targeted with a series of consecutive or concurrent attacks that are relatively small in size and duration. Threat actors deploy these attacks to assess a potential victim’s defenses and determine which attack methods – if any – will be successful.

The longest campaign Lumen mitigated in Q2 lasted 21 days, 8 hours.

Learn how to protect against hit-and-run attacks with Lumen DDoS Mitigation services.

Trend #3: VoIP targeting continues

Late last year, several researchers (including Lumen) began reporting on a rise in attacks targeting VoIP providers. In Q2 2022, one attack vector – Session Initiation Protocol (SIP) – stood out in the data. Although the number of SIP attacks that Lumen mitigated was relatively small – just 1.84% of all mitigations – they represented a 315% increase over Q1 2022, and a 475% increase over Q3 2021.

While the number of SIP attacks is low compared to tried-and-true methods, attacking SIP is considered a more surgical approach to disrupting VoIP services compared to DDoS brute-force methods like TCP-SYN flooding and UDP-based amplification. For more information about Lumen’s previous research into VoIP attacks, read our Q4 2021 DDoS report.

Read the full press release here.

Lumen