Preventing slow, low-power attacks on applications and APIs

It may seem that slow, low-power attacks (so-called "Low and Slow" attacks) are a thing of the past, but practice shows that cybercriminals still actively use them. In 2020, 65% of organizations were affected by such attacks, with 30% experiencing them monthly. So let's give them the attention they deserve and look at how they are carried out.





If an attacker wants to paralyze an application, the easiest way is to flood it with excess traffic until the application server goes down (a distributed denial-of-service attack, or DDoS). However, many technologies today can detect and block such attacks: filtering based on IP addresses or signatures, quota management, and specialized DDoS protection solutions.





At the beginning of 2021, the world faced the return of an old but very effective attack technique: slow, low-power attacks. By the end of February, the number of attacks of this type targeting Radware customers had grown by 20% compared to the fourth quarter of 2020.





What are Low and Slow attacks?

Instead of creating a sudden surge of traffic, slow, low-power attacks are carried out with minimal activity and are not logged by the systems. They aim to incapacitate a target discreetly by creating a minimum number of connections and leaving them unfinished for as long as possible.





Typically, attackers send partial HTTP requests and small data packets or keep-alive messages to keep the connection alive. Such attacks are not only difficult to block, but also difficult to detect.
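An added example (not from the original article) of session-level detection logic for the pattern described above: it scans a snapshot of a server's open connections and flags sources that hold several stalled partial requests. The record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Thresholds are assumptions for illustration; tune them against real traffic.
MAX_HEADER_SECONDS = 10.0    # a normal client finishes its headers well within this
MIN_BYTES_PER_SECOND = 50.0  # sustained rate below this on an unfinished body is suspicious
MAX_SLOW_PER_SOURCE = 3      # slow connections tolerated per source before flagging

@dataclass
class Conn:                  # hypothetical per-connection record kept by a proxy or server
    src: str                 # client IP
    age_s: float             # seconds since the TCP connection was accepted
    bytes_in: int            # request bytes received so far
    headers_done: bool       # True once the blank line ending the headers arrived
    body_expected: int       # Content-Length announced by the client (0 if none)
    body_received: int       # body bytes received so far

def is_slow(c: Conn) -> bool:
    """Return True if the connection looks like a deliberately unfinished request."""
    if c.age_s < MAX_HEADER_SECONDS:
        return False         # too young to judge
    if not c.headers_done:
        return True          # partial request: headers never complete
    body_pending = c.body_received < c.body_expected
    rate = c.bytes_in / c.age_s
    # Finished requests idling on keep-alive are not flagged here;
    # an ordinary idle timeout covers them.
    return body_pending and rate < MIN_BYTES_PER_SECOND

def flag_sources(conns):
    """Count slow connections per source; return sources above the limit."""
    slow = defaultdict(int)
    for c in conns:
        if is_slow(c):
            slow[c.src] += 1
    return sorted(s for s, n in slow.items() if n > MAX_SLOW_PER_SOURCE)

# Constructed sample snapshot (documentation-range IP addresses).
SAMPLE = (
    [Conn("198.51.100.7", 120.0, 310, False, 0, 0) for _ in range(5)]         # headers stalled
    + [Conn("203.0.113.9", 90.0, 600, True, 100_000, 400) for _ in range(4)]  # body trickling in
    + [Conn("192.0.2.20", 0.4, 420, True, 0, 0)]                              # normal request
    + [Conn("192.0.2.21", 45.0, 9_000_000, True, 20_000_000, 8_999_500)]      # large, fast upload
    + [Conn("192.0.2.22", 30.0, 200, False, 0, 0)]                            # one slow client
)

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

The single slow client at 192.0.2.22 is not flagged: one stalled connection is normal on a poor network, so the per-source count is what separates an attack from a bad link.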





There are several well-known tools that allow attackers to carry out such attacks, including Slowloris, SlowPost, SlowHTTPTest, Tor's Hammer, R-U-Dead-Yet, and LOIC.





, , API, , . , , , . , .





— Radware DDoS-. TCP , , .





This monitoring is done without accessing the application and does not pose any risk to it, since protection is performed at the session level. Subsequent attack attempts are blocked at the network perimeter using unique signaling mechanisms and automated workflows without compromising application performance.







