By Shuang Le，
Recently, Alibaba Cloud CloudMonitor has detected attacks against global central bank websites by Anonymous members. So far, more than two important websites in China have been attacked, primarily by high volume DDoS and HTTP flood attacks.
Alibaba Cloud has detected DDoS and HTTP flood attacks through threat intelligence, as the main attacks of this incident. So far, attacks have caused intermittent access failures of multiple websites.
Alibaba Cloud security experts have come up with five attack characteristics:
Alibaba Cloud responds to high-risk incidents with a defense system that integrates Anti-DDoS Service Pro and WAF. The solution can be simply deployed by updating DNS resolution, and available for both cloud and on-premises (including non-Alibaba Cloud) systems.
Anti-DDoS Service Pro implements the SaaS security service to effectively defend against DDoS attacks when origin servers become unavailable under a large volume of DDoS attack traffic. This ensures the stability and reliability of the origin site.
Based on the powerful big data capability of Alibaba Cloud, WAF defends against SQL injection, XSS, common web server plugin vulnerabilities, Trojan uploads, unauthorized access to core resources, and other common OWASP attacks. It filters out massive numbers of malicious attempts to prevent leakage of users' website assets and data, helping enforce website's security and availability.
Alibaba Cloud Security's Anti-DDoS provides the following features and benefits:
Alibaba Cloud Security's DDoS mitigation system defends Alibaba Cloud users against various types of DDoS attacks targeting the network layer, transportation layer, and application layer (including HTTP Flood, SYN Flood, UDP flood, UDP DNS Query Flood, (M)Stream Flood, ICMP Flood and all other types of DDoS attacks). It also sends SMS messages in real time to inform users of the attack events.
Alibaba Cloud Security's DDoS mitigation system adopts world?class detection and protection technologies and implements attack discovery, traffic redirection, and traffic mitigation in five seconds, greatly reducing the network jitter. Meanwhile, the system triggers the protection by referring to the traffic threshold, and statistics and judgment of network behaviors, so as to precisely identify DDoS attacks, thus ensuring the service availability in case of a DDoS attack.
Each basic unit in Alibaba Cloud Security's DDoS mitigation system can filter 10 Gbps attack traffic. Powered by the high scalability and high redundancy of the cloud computing architecture, the Anti-DDoS system supports seamless scale-up in the cloud environment to implement the highly scalable Anti-DDoS capability.
Alibaba Cloud Security Anti-DDoS system can not only defend against DDoS attacks launched outside Alibaba Cloud, but also detect abuse of cloud resources as well. Once a cloud server is detected to be used to launch DDoS attacks, the cloud network traffic monitoring system will collaborate with the host security protection system to restrict the network access behavior of the abused cloud server and generate an alarm, so as to effectively control the internal host.
Alibaba Cloud Security's WAF provides the following features and benefits:
Provides web security protection for the HTTP, HTTPS, HTTP2, and WebSocket traffic of websites.
Defends against common OWASP attacks, including SQL injection, XSS, webshell uploading, backdoor isolation, command injection, illegal HTTP protocol requests, common web server vulnerability attacks, unauthorized access to core resources, path traversing, and scan protection.
The IP address of origin server is not exposed to attackers, so attack packets cannot bypass the WAF to attack your website directly.
Protection rules are synchronized with Taobao. Latest vulnerability patches are provided to global users simultaneously to secure websites.
With observation mode enabled for new website services, possible attacks matching the protection rules trigger warnings but are not blocked. This makes it easy to collect statistics on the false positive rate of your services.
Provides a friendly configuration console interface and supports condition combinations for common HTTP fields, including IP, URL, Referer, and User-Agent. This allows you to create powerful, precise access control policies that are applicable to scenarios such as anti-leeching and website background protection. Establishes comprehensive multi-layer protection with the security modules for protection against common Web attacks and HTTP flood attacks, easily distinguishing between secured and malicious traffic based on your needs.
Updating web protection rules to provide enough protection even before official patches of web application vulnerabilities are released.
Supports centralized management and analysis of attack events, attack traffic, and attack scales.
Considering the high complexity and resistance of this attack, you should contact a professional security service vendor and a service staff member to create a comprehensive solution.
Alibaba Cloud experts can help you to implement a robust security solution to protect your system against such attacks. The benefits of Alibaba Cloud security services include:
Alibaba Clouder - July 22, 2019
Alibaba Cloud Security - December 12, 2019
Alibaba Clouder - July 27, 2018
Alibaba Clouder - December 21, 2020
Alibaba Clouder - December 15, 2017
Alibaba Clouder - November 9, 2018
Alibaba Cloud provides products and services to help you properly plan and execute data backup, massive data archiving, and storage-level disaster recovery.Learn More
A low-code, high-availability, and secure platform for enterprise file management and applicationLearn More
Customized infrastructure to ensure high availability, scalability and high-performanceLearn More
SDDP automatically discovers sensitive data in a large amount of user-authorized data, and detects, records, and analyzes sensitive data consumption activities.Learn More
More Posts by Alibaba Cloud Security