An APDoS is more likely to be perpetrated by “advanced threat actors” who are well resourced, exceptionally skilled and have access to substantial commercial-grade computing resources and capacity. APDoS attacks represent a clear and emerging threat that requires specialised monitoring and incident response services and the defensive capabilities of specialised DDoS mitigation service providers. This type of attack ranges from massive network-layer DDoS attacks through to focused application-layer (HTTP) floods, followed by repeated SQLI and XSS attacks at varying intervals. Typically, the perpetrators can simultaneously use from 2 to 5 attack vectors involving up to several tens of millions of requests per second, often accompanied by large SYN floods that can attack not only the victim but also any service provider implementing any sort of managed DDoS mitigation capability. These attacks can persist for several weeks; the longest continuous period noted so far lasted 38 days. This APDoS attack involved approximately 50+ petabits (51,000+ terabits) of malicious traffic. Attackers in this scenario may (and often will) tactically switch between several targets to create a diversion and evade defensive DDoS countermeasures, while eventually converging the main thrust of the attack on a single victim. In this scenario, threat actors with continuous access to several very powerful network resources are capable of sustaining a prolonged campaign generating enormous levels of un-amplified DDoS traffic.
APDoS attacks are characterised by:
Advanced reconnaissance (pre-attack OSINT and extensive decoyed scanning crafted to evade detection over long periods)
Tactical execution (attack with primary and secondary victims, but the focus is on the primary)
Explicit motivation (a calculated end game/goal target)
Persistence over extended periods (utilising all the above in a concerted, well-managed attack across a range of targets)
Large computing capacity (access to substantial computing power and network bandwidth resources)
Simultaneous multi-threaded OSI-layer attacks (sophisticated tools operating at layers 3 through 7)
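A defender-side sketch, added here and not part of the original text, of how a monitoring service might score observed traffic against the characteristics above: per-minute sensor summaries are reduced to a primary/secondary target split, the set of vectors used against the primary, the peak number of concurrent vectors, and whether the campaign persists. The sensor labels, thresholds, target names and sample rates are all constructed assumptions, not measurements.

```python
from collections import defaultdict

# Constructed sample of per-minute traffic summaries, one row per
# (minute, target, vector, rate). "vector" is the attack class a sensor
# labelled the traffic with; "rate" is packets or requests per second.
# The values are invented for illustration, not real measurements.
SAMPLE = [
    (0, "victim-a", "syn_flood", 2_000_000),
    (0, "victim-a", "http_flood", 350_000),
    (0, "victim-b", "http_flood", 90_000),
    (1, "victim-a", "syn_flood", 2_100_000),
    (1, "victim-a", "sqli", 1_200),
    (1, "victim-a", "xss", 800),
    (2, "victim-b", "syn_flood", 1_500_000),  # diversion onto a secondary target
    (2, "victim-a", "http_flood", 400_000),
    (3, "victim-a", "syn_flood", 2_300_000),
    (3, "victim-a", "http_flood", 380_000),
    (3, "victim-a", "sqli", 1_500),
]

# Assumed per-vector thresholds; tune against the service's own baseline.
# Below these, traffic of that class is treated as noise, not an active vector.
THRESHOLDS = {"syn_flood": 500_000, "http_flood": 50_000, "sqli": 100, "xss": 100}

def active_vectors(rows):
    """Map (minute, target) -> set of vectors whose rate exceeds the threshold."""
    active = defaultdict(set)
    for minute, target, vector, rate in rows:
        if rate >= THRESHOLDS.get(vector, float("inf")):
            active[(minute, target)].add(vector)
    return active

def assess(rows, min_vectors=2, min_minutes=3):
    """Summarise a campaign: the primary target is the one under attack for the
    most minutes; every other attacked target is treated as a secondary/decoy."""
    active = active_vectors(rows)
    minutes, vectors, peak = defaultdict(set), defaultdict(set), defaultdict(int)
    for (minute, target), vecs in active.items():
        minutes[target].add(minute)
        vectors[target] |= vecs
        peak[target] = max(peak[target], len(vecs))
    if not minutes:
        return None  # nothing crossed a threshold
    primary = max(minutes, key=lambda t: (len(minutes[t]), t))
    return {
        "primary": primary,
        "secondary": sorted(t for t in minutes if t != primary),
        "vectors": sorted(vectors[primary]),
        "peak_concurrent_vectors": peak[primary],
        "multi_vector": peak[primary] >= min_vectors,
        "persistent": len(minutes[primary]) >= min_minutes,
    }
```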