Massive 2.45 Billion Dollar DDoS Attack “Low and Slow” Technique Used on Platform
Massive “Low and Slow” DDoS Attack Uncovered
Researchers at DataDome have detailed a staggering Distributed Denial of Service (DDoS) campaign that targeted a major user-generated content platform. The attack, which lasted just five hours, generated a whopping 2.45 billion malicious requests from over 1.2 million unique IP addresses.
- This marks one of the most fragmented DDoS campaigns ever recorded.
- The attack peaked at an astonishing 205,344 requests per second, yet managed to evade traditional security measures by utilizing a sophisticated “low and slow” approach.
- The sheer scale of the infrastructure used in this attack is remarkable. Traffic was spread across more than 1.2 million unique IP addresses and spanned 16,402 distinct Autonomous System Numbers (ASNs).
Attack Strategy
The attackers opted for a strategy that stayed beneath the radar of standard rate-limiting defenses.
Infrastructure Used
The top contributing ASNs included HERN Labs AB, Cloudflare, Inc., DigitalOcean, LLC, 1337 Services GmbH, and Stiftung Erneuerbare Freiheit. These networks were selected due to their reputation for offering secure and private services.
Conclusion
DataDome researchers concluded that, to prevent similar attacks, security teams must shift towards detection models that analyze patterns across time to identify behavioral anomalies, rather than relying solely on static volume limits.
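The contrast drawn above, between a static per-source volume limit and detection that compares traffic patterns across time, is shown here as an added example; it is not code from DataDome or from the original article. The window length, the per-IP limit, the ratio threshold and the log records are all assumptions constructed for illustration.

```python
import statistics
from collections import Counter, defaultdict

WINDOW = 60         # seconds per analysis window (assumed)
PER_IP_LIMIT = 100  # static per-IP requests per window (assumed)

def build_log():
    """Constructed sample: 5 normal windows, then 2 windows with a distributed flood."""
    log = []
    for w in range(7):
        t0 = w * WINDOW
        for c in range(50):  # 50 regular clients, 20 requests each
            log += [(t0 + 3 * i, f"10.0.0.{c}") for i in range(20)]
        if w >= 5:           # 2000 sources, only 3 requests each
            for a in range(2000):
                ip = f"10.9.{a // 250}.{a % 250}"
                log += [(t0 + 20 * i, ip) for i in range(3)]
    return log

def per_window_counts(log):
    """Group (timestamp, ip) records into one Counter of per-IP hits per window."""
    buckets = defaultdict(Counter)
    for ts, ip in log:
        buckets[ts // WINDOW][ip] += 1
    return [buckets[w] for w in sorted(buckets)]

def static_rate_limit(log):
    """(window, ip) pairs a fixed per-IP volume limit would block."""
    return {(w, ip) for w, counts in enumerate(per_window_counts(log))
            for ip, n in counts.items() if n > PER_IP_LIMIT}

def behavioral_anomalies(log, ratio=3.0, min_history=3):
    """Windows whose source count and total volume both jump past the learned baseline."""
    flagged, history = [], []
    for w, counts in enumerate(per_window_counts(log)):
        sources, total = len(counts), sum(counts.values())
        if len(history) >= min_history:
            base_sources = statistics.median(h[0] for h in history)
            base_total = statistics.median(h[1] for h in history)
            if sources > ratio * base_sources and total > ratio * base_total:
                flagged.append(w)
                continue  # keep attack windows out of the baseline
        history.append((sources, total))
    return flagged

if __name__ == "__main__":
    log = build_log()
    print("blocked by per-IP limit:", len(static_rate_limit(log)))
    print("windows flagged by baseline comparison:", behavioral_anomalies(log))
```

In the constructed data every flood source sends fewer requests per window than a regular client, so the per-IP limit never triggers, while the jump in distinct sources and total volume against the learned baseline marks both flood windows.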
