DDoS) attacks is one of the most complicated web attack that disguised to look like legitimate traffic but targets specific areas of a website, making it even more difficult to detect and mitigate.
Just Yesterday Cloud-based security service provider 'Incapsula' detected a unique application layer DDoS attack, carried out using traffic hijacking techniques. DDoS attack flooded one of their client with over 20 million GET requests, originating from browsers of over 22,000 Internet users.
What makes this case especially interesting is the fact that the attack was enabled by persistent XSS vulnerability in one of the world’s largest and most popular site - one of the domains on Alexa’s “Top 50” list.
XSS vulnerability to Large-Scale DDoS Attack
Incapsula has not disclosed the name of vulnerable website for security reasons, but mentioned it as a high profile video content provider website, allows its users to sign-up and sign-in with their own profiles.
According to Incapsula, attackers are using a Ajax-script based DDoS tool, that force browser to issue a DDoS request at the rate of one request per second.
"Obviously one request per second is not a lot. However, when dealing with video content of 10, 20 and 30 minutes in length and with thousands of views every minute, the attack can quickly become very large and extremely dangerous." researchers explained.
Intercepting the Attack
Researchers also mentioned that attackers behind recent DDoS attack have upgraded their DDoS tool to a much more robust version. "This leads us to believe that what we saw yesterday was a sort of POC test run. " Incapsula quickly reached out to the vulnerable video website support team to patch the flaw.