Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes.
A novel distributed denial-of-service (DDoS) attack pattern has emerged, targeting internet service providers (ISPs) with something researchers have dubbed the bit-and-piece “Mongol” attack.
The approach involves spreading out junk traffic across large numbers of IP addresses in order to evade detection, according to Nexusguard’s Q3 2018 Threat Report. The attackers inject small amounts of junk into the legitimate traffic flowing from the IPs, which easily bypass detection thresholds because there’s so little of it per address. The goal is to achieve enough collective volume for a DDoS attack by contaminating several pools of IP addresses across hundreds of IP prefixes (at least 527 Class C networks were impacted in the third quarter alone, according to Nexusguard findings).
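A detection sketch for the pattern described above, added here as an illustration and not taken from Nexusguard's report: it compares a per-address threshold with a per-/24 aggregate measured against a baseline. The thresholds, baseline values, addresses (documentation ranges) and traffic figures are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

PER_IP_LIMIT_MBPS = 100.0  # assumed per-address alarm threshold
PREFIX_RATIO = 1.5         # assumed: alarm when a /24 exceeds 1.5x its baseline


def per_ip_alerts(rates, limit=PER_IP_LIMIT_MBPS):
    """Per-address check: flags only addresses whose own rate exceeds the limit."""
    return sorted(ip for ip, mbps in rates.items() if mbps > limit)


def prefix_alerts(rates, baseline, ratio=PREFIX_RATIO, prefix_len=24):
    """Sum observed and baseline rates per prefix and flag prefixes whose
    aggregate exceeds ratio x baseline, even if no single address stands out."""
    observed, expected = defaultdict(float), defaultdict(float)
    for ip, mbps in rates.items():
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        observed[net] += mbps
        expected[net] += baseline.get(ip, 0.0)
    alerts = {}
    for net, seen in observed.items():
        base = max(expected[net], 1.0)  # floor avoids division by zero without a baseline
        if seen > ratio * base:
            alerts[str(net)] = round(seen / base, 2)
    return alerts


# Constructed sample: 200 addresses in each of two /24s, 10 Mbps baseline each.
# One prefix carries an extra 8 Mbps of junk per address; the other is clean.
DIRTY = [f"198.51.100.{h}" for h in range(1, 201)]
CLEAN = [f"203.0.113.{h}" for h in range(1, 201)]
BASELINE = {ip: 10.0 for ip in DIRTY + CLEAN}
RATES = {**{ip: 18.0 for ip in DIRTY}, **{ip: 10.0 for ip in CLEAN}}

if __name__ == "__main__":
    print("per-IP alerts:", per_ip_alerts(RATES))
    print("per-/24 alerts:", prefix_alerts(RATES, BASELINE))
```

In this constructed data every address stays at 18 Mbps, far below the per-address limit, while the contaminated /24 carries 3.6 Gbps against a 2 Gbps baseline.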