Igal Zeifman, Incapsula Security Evangelist at Imperva, observed that, “Attack frequency is rising even as the total number of assaults is trending down. With these repeat assaults, offenders are waging a war of attrition against protected targets – a DDoS equivalent to laying siege on an impenetrable castle.”
Once Incapsula was deployed, Sakamoto immediately noticed improved website stability and a reduction in operational load. “The ability to achieve website stability without having to worry about threats has proven to be a huge win.
Daniel Svartman, a security researcher with Imperva, discovered the issue in May but couldn’t disclose it until Wednesday, after GitLab was able to patch the issue and confirm it had been fixed.
"Network-layer attacks or co-called volumetric DDoS attacks, continue to be the most common," says Avishay Zawoznik, research team leader at Imperva.”
Incapusla says “pulse wave DDoS events most likely result from skilled bad actors portioning their attack resources to launch multiple assaults at the same time.” The time between each pulse is likely “being used to mount a secondary assault on a different target.
“Competitive online games are an attractive target for DDoS offenders looking to create large-scale mayhem in hopes of gaining some internet notoriety,” said Igal Zeifman, a senior manager at security firm Imperva.
Imperva director of marketing Igal Zeifman: "In the first quarter of the year, we saw the number of such repeat assaults reach an all-time high, with over 74 percent of DDoS targets attacked at last twice in the span of that quarter,"
Because sites actively try to deter bots, programmers must “try to make the bot seem like a human, and by human, I mean seem like a [human] browser,” says Igal Zeifman, an evangelist with the web security company Imperva.