Blog Post by Charlie Kraus, Senior Product Marketing Manager
February 17, 2021
DDoS attacks have not only increased in the past year, but they’ve also migrated to a new form—known as bit-and-piece attacks—that is undetectable by traditional methods. Bypassing threshold detection techniques, bit-and-piece DDoS attacks can bring networks to a halt with much lower traffic volumes than other forms of denial-of-service attack.
Before discussing bit-and-piece attacks, we first need to contextualize them in terms of traditional DDoS attacks, which rely on a high traffic volume from many sources. Usually, this means taking over a few thousand computers or IoT devices, then directing them to send web traffic to a website or application all at the same time. If this traffic volume exceeds the website or application’s capacity to process the incoming requests, the website or application becomes unavailable to legitimate users.
In practice, three things have happened that have made these attacks less viable over the last few years (until 2020).
2020 made DDoS attacks viable again because so many companies—including many which hadn’t thought much about security in the past—suddenly needed to go remote. Remote workers are much more vulnerable to DDoS attacks, which meant that these attacks surged again. Out of this surge, the innovation known as bit-and-piece was born.
Bit-and-piece DDoS attacks increased significantly in 2020, but without breaking any traffic records as far as DDoS attacks are concerned. Quite the opposite—almost half of these DDoS attacks are just 30MBps or less, orders of magnitude smaller than the record-breaking attacks mentioned above. These attacks still succeed in bringing down networks without massive traffic volumes—how do they do it?
The first thing to note is that this kind of attack has been aimed primarily at communications services providers (CSPs) and is much more targeted than other DDoS attacks. Instead of using vast amounts of junk traffic from thousands of computers, bit-and-piece attacks use legitimate traffic targeted at widely dispersed IP ranges with just a small amount of junk folded in.
Because the overall volume of junk traffic is small, the usual detection methods don’t register it as a threat. Nonetheless, this small amount of traffic can do a lot of damage. Each targeted IP range belongs to just one service provider. Each piece of junk data takes work to clean out of the data stream, and some CSPs have less capacity than others. If an attacker targets the right CSP, that CSP will be forced to devote all its resources to cleaning its traffic, which usually means taking its network offline.
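The detection gap described above, as an added example that is not from the original post: a per-destination threshold sees nothing, while summing the same constructed flow records per prefix exposes the spread-out traffic. The thresholds, the /24 aggregation, the "Mbps above baseline" input and the sample addresses (documentation ranges) are all assumptions.

```python
import ipaddress
from collections import defaultdict

PER_IP_THRESHOLD_MBPS = 5.0    # assumed alarm level for a single destination
PREFIX_THRESHOLD_MBPS = 20.0   # assumed alarm level for a whole prefix
MIN_DISTINCT_TARGETS = 50      # assumed: many destinations hit in one interval


def build_sample_flows():
    """Constructed (destination IP, Mbps above baseline) records, one interval."""
    # 200 hosts in a documentation range, each receiving only 0.15 Mbps extra.
    flows = [(f"198.51.100.{host}", 0.15) for host in range(1, 201)]
    # An unrelated host with a modest burst that should not raise an alert.
    flows.append(("203.0.113.7", 2.0))
    return flows


def per_ip_alerts(flows, threshold=PER_IP_THRESHOLD_MBPS):
    """Classic check: alert when one destination exceeds the threshold."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        totals[dst] += mbps
    return sorted(ip for ip, total in totals.items() if total >= threshold)


def per_prefix_alerts(flows, prefix_len=24, threshold=PREFIX_THRESHOLD_MBPS,
                      min_targets=MIN_DISTINCT_TARGETS):
    """Aggregate check: sum per prefix and require many distinct targets."""
    totals = defaultdict(float)
    targets = defaultdict(set)
    for dst, mbps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += mbps
        targets[net].add(dst)
    return sorted(str(net) for net, total in totals.items()
                  if total >= threshold and len(targets[net]) >= min_targets)


if __name__ == "__main__":
    flows = build_sample_flows()
    print("per-IP alerts:    ", per_ip_alerts(flows))
    print("per-prefix alerts:", per_prefix_alerts(flows))
```

Requiring many distinct targets alongside the prefix total keeps a single busy host from triggering the aggregate alert.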
Because this attack evades traditional detection methods, there are very few ways for CSPs to respond to this kind of threat. Some of them don’t have the budget to devote more resources to cleaning bad traffic, and others can’t hire additional security experts to inspect traffic at a more granular level. For most, the best recourse is to fail over to a CDN as soon as a bit-and-piece DDoS attack starts to take down their networks.