Daniel Svartman, a security researcher with Imperva, discovered the issue in May but couldn’t disclose it until Wednesday, after GitLab was able to patch the issue and confirm it had been fixed.
"Network-layer attacks, or so-called volumetric DDoS attacks, continue to be the most common," says Avishay Zawoznik, research team leader at Imperva.
Incapsula says “pulse wave DDoS events most likely result from skilled bad actors portioning their attack resources to launch multiple assaults at the same time.” The time between each pulse is likely “being used to mount a secondary assault on a different target.”
“Competitive online games are an attractive target for DDoS offenders looking to create large-scale mayhem in hopes of gaining some internet notoriety,” said Igal Zeifman, a senior manager at security firm Imperva.
Imperva director of marketing Igal Zeifman: "In the first quarter of the year, we saw the number of such repeat assaults reach an all-time high, with over 74 percent of DDoS targets attacked at least twice in the span of that quarter."
Because sites actively try to deter bots, programmers must “try to make the bot seem like a human, and by human, I mean seem like a [human] browser,” says Igal Zeifman, an evangelist with the web security company Imperva.
According to the 2016 Imperva Incapsula Bot Traffic Report, which tracks the growth of non-human internet activity, more than half of all website traffic is generated by automated software, commonly referred to as bots.
Imperva Director of Product Marketing Robert Hamilton: “There are two common reasons why a player would unleash a DDoS attack: to gain a personal advantage and to disrupt the game.”