Last month Cloudflare was able to automatically detect and mitigate a new type of DDoS attack that it has codenamed “Beat” due to the fact that the attack method appears to have been borrowed from the world of acoustics.
The attack's packet rate followed a wave-shaped pattern for over eight hours and it seems as if the attacker was inspired by an acoustics concept called beat. In acoustics, the term beat is used to describe an interference of two different wave frequencies.
According to Cloudflare, the attacker launched a flood of packets where the rate of the packets was determined by the equation of the beat wave (y'beat=y1+y2) with the two equations y1 and y2 representing the two waves.
- We've assembled a list of the best web hosting services around
- These are the best shared hosting services on the market
- Also check out our roundup of the best dedicated hosting providers
Interested users can check out a new blog post from the company's product manager of DDoS protection Omer Yoachimik where he breaks down the full formula and how it was used to achieve a packet rate that ranged from 18M to 42M pps.
DDoS to the beat
The cybercriminal behind the attack that targeted a Magic Transit customer may have utilized the method they did in an attempt to overcome Cloudflare's DDoS protection systems.
However, the company's unidirectional TCP state tracking machine flowtrackd was able to detect the attack as a flood of ACK packets that did not belong to any existing TCP connection. Therefore, flowtrackd automatically dropped the attack packets at Cloudflare's edge.
In total, the attacker beat the drum for over 19 hours with an amplitude of 7 Mpps, a wavelength of 4 hours and a peak of 42 Mpps. During the two days in which the attack took place, Cloudflare systems automatically detected and mitigated over 700 DDoS attacks targeting this customer.
Cybercriminals are always looking for novel ways to overcome security measures but this time it appears as if their efforts were in vain. However, Cloudflare is prepared in case other attackers try to follow suit by launching their own beat attacks.
- We've also highlighted the best small business web hosting
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.