Radware Ltd.

07/30/2024 | Press release | Distributed by Public on 07/31/2024 11:59

The Massive Tsunami of L7 DDoS Attacks: Radware's Triumph in Blocking More Than 1.4 trillion Attacker Transactions

In the ever-changing world of cybersecurity threats, Layer 7 distributed denial of service (DDoS) attacks continue to be a major challenge for online businesses. These advanced attacks cause significant disruptions, make services unavailable, create a poor user experience, and lead to financial losses.

With Radware Web DDoS Protection, we have what it takes to stop these large, dynamic, and persistent L7 DDoS attacks. Here is an example of a recent attack campaign that was successfully mitigated for a customer without impact.

Attack Analysis

A customer was onboarded to our Cloud application protection and immediately faced a massive attack campaign. The volume of the first attack was high, triggering an immediate automated "Under Attack" mode. The Web DDoS "Under Attack" mode was recently improved with better mitigation and reduced false negatives, even without complete learning. We ensured uninterrupted operations while delivering uncompromising coverage against even the most sophisticated Web DDoS threats.

Radware successfully mitigated a staggering volume of attacks with no customer impact. During the attack campaign, the attack reached a max of 14.6 million requests per second (RPS)! This highlights the immense scale of the threat directed at our customer. The massive attack campaign, which took place from July 4th through July 11th, targeted multiple customer applications, and consisted of over ten significant waves.

The attacks lasted for a total of 8 days with over 1.4 trillion blocked transactions. The attack demonstrated a remarkable level of intensity, with a max rate of 14.6 million RPS across targeted applications. The highest peak per application reached a staggering 300 million attack requests.

[Figure: the highest-peak waves during the attack campaign. The highest peak on a single application stood at 14.6 million RPS.]

Radware's Mitigation Strategy

Radware's immediate and decisive response played a crucial role in swiftly and comprehensively onboarding our customer's organization to Radware's Cloud Web DDoS Protection Service. Remarkably, this was accomplished without the luxury of any learning period. Leveraging Radware's automatic, real-time signature-creation capabilities, customized signatures were seamlessly activated and precisely tailored to counteract the unique characteristics of the attack.

Throughout the entire attack campaign, Radware's automatic mitigation actions were powered by advanced algorithms that analyzed the behavior of the attacks. We successfully mitigated all attacks without any prior knowledge or assumptions about them. The attack pattern was learned and handled automatically without any human intervention.

Our automatic signatures effectively blocked the attack campaign on most of the applications, which allowed legitimate users to continue accessing the service. The ability to defend against evolving threats immediately and efficiently, even without the need for a learning period, demonstrates Radware's expertise in providing reliable and strong protection.

Attack Origin and Tactics

On top of the attack size and duration, the attackers employed various methods to increase the impact of their attacks and evade regular security measures, including:

  • HTTP GET requests designed to appear legitimate.
  • Randomized versions of headers.
  • Alteration of request patterns at different stages of the attack.

Despite these changing tactics, Radware's Web DDoS algorithm swiftly detected the changes and updated security measures in real time. During the attack, we set and updated real-time signatures automatically and shared the related information and statistics with the customer.

This adaptive approach ensured our readiness to handle the evolving attack. We continuously adapted to changing tactics and provided our customer with clear visibility into the attacks.

[Figure: attack samples, highlighting the attack randomization.]

Summary

Radware's successful mitigation of the recent massive L7 DDoS attack campaign, blocking more than 1.4 trillion attacker transactions, demonstrates our unparalleled ability to protect customers from the most sophisticated and high-volume threats while keeping customer web pages unaffected. The mitigation was fully automated, hands-free, and without any human intervention or tuning. Our advanced algorithms, automatic real-time signature creation, and dedicated Emergency Response Team ensured uninterrupted service and optimal protection. This case highlights our commitment to delivering reliable and strong protection against evolving cybersecurity threats, keeping our customers' operations running smoothly and securely.

To learn why Radware was named a leader in DDoS mitigation by SPARK Matrix, you can read the complete analyst report HERE.