Typically, DDoS (Distributed Denial of Service) attacks use massive traffic such as HTTP, DNS, TCP, and other methods to allow attackers to disrupt even the most well-defended networks or servers. But Yo-Yo DDoS is an entirely different animal.
They are a much more innovative way to attack public cloud infrastructure resources. In today's cloud architecture, almost every resource can scale quickly. It could be nodes, Kubernetes Pods, load balancers, etc. You have unlimited resources when it comes to scaling in the public cloud. The cyber attackers use those cloud auto-scaling capabilities against you and hurt you financially. It literally could destroy small organizations that have limited cloud budgets. This article will shed more light on these types of attacks to help you increase your cyber readiness.
This is a simulation of how it looks:
Yo-Yo DDoS attacks can be tricky to identify because these attacks are brief and dont necessarily result in denial-of-service (DOS) conditions. When carrying out a yo-yo attack, hackers flood their targets with so much traffic that it automatically scales cloud resources such as load balancers, front-end services, and other cloud resources. Then they suddenly halt traffic so that the application is over-provisioned and automatically scales down again. Once the autoscaler decides that traffic volume has decreased, it scales down its resources. The attacker turns on the DDoS traffic anew, and the cycle repeats, hence the name Yo-Yo attack.
Constantly scaling up and down can be a financial drain on the applications owners, who must pay a lot of money to the hyperscalers. In some cases, this behaviour can be difficult or impossible to differentiate from legitimate requests. Unlike other forms of DDoS attacks, Yo-Yos have no centralized sourcethey often originate from many different machines across the Internet.
You should control your cloud scaling behaviour by setting limitations for every cloud resource you scale to avoid large financial spending. If you dont set a max scaling limitation, you could waste a lot of cloud computing resources and cloud-native services. Monitor your compute autoscaling groups and use anomaly detection to recognize unusual scaling patterns automatically. Then you will be able to create alerts for unusual scaling patterns and further investigate your infrastructure scaling and spending.
Although theyre difficult to detect, Yo-Yo attacks can be mitigated by hiding traffic scaling configuration. Attackers need to know how much scaling has taken place to stop the DDoS attack and eventually turn it on again once the traffic goes to a predetermined average level. If the website or service owner can hide scaling information, this would help mitigate any preparations attackers might have made before launching the attack.
To improve the security of your cloud against such attacks, its worth exploring third-party solutions made by specialized security companies such as AWS Shield and Google Armor that can help you mitigate complex attacks. They are Hyperscalers security cloud-native services, but you can pick third-party solutions such as Cloudflare or Incapsula.
Another way to mitigate against Yo-Yo DDoS attacks is to not use the default values for downscaling and upscaling when it comes to the cloud service providers load balancing mechanism. Doing so also disrupts any plan attackers might have made of when to stop sending extra junk traffic and when to start again.
The general tips to guard against DDoS attacks include keeping everything on the system updated. Fix all the security issues and bugs and quickly develop a plan to identify such problems. Its also important to emphasize that Yo-Yo DDoS attacks are a relatively recent development, and mitigation is generally available only within the best web security platforms. For example, the native security tools included in the top-tier cloud platforms are usually not adequate for defeating these attacks.
Some of the more common Yo-Yo mitigation techniques include:
Quick Takeaways to Defend Against Yo-Yo DDoS Cyber Attacks
DDos and Yo-Yo DDoS attacks happen all the time, and the attacks are getting more innovative and more frequent. In general, Yo-Yo DDoS attacks are meant to hurt companies and countries financially.
In the end, the best way to beat a Yo-Yo DDoS attack is to stay vigilant. You dont want to be the next victim of such an attack. To ensure that doesnt happen, use multiple layered defences against attack, keep your systems up-to-date, and stay on top of threats.
Written by Ido Vapner, CTO and Chief Architect at Kyndryl
More:
Yo-Yo DDoS Cyber Attacks; What they Are and How You Can Beat Them - Geektime