Pulsing zombie attack definition
During a pulsing zombie attack, compromised devices, called "zombies," send bursts of malicious traffic to a target, causing disruption and evading detection.
See also: bot herder, bot mitigation, botnet, DDoS mitigation
Here’s how it goes:
- 1.Infection. The attacker first infects multiple devices with malware, turning them into their remotely-controlled "zombies." These devices can be computers, smartphones, or IoT devices.
- 2.Coordinating the attack. The attacker programs the infected devices to send bursts of traffic or requests to the target system at specific intervals. These bursts are designed to be short and intense, followed by periods of inactivity to make it harder for the target to detect and mitigate the attack.
- 3.Launching the bursts. At their designated times, the zombies send a high volume of traffic to the target to overload it and cause slowdowns or outages.
- 4.Evading detection. Traditional security systems often look for continuous, high-volume traffic to identify attacks. By pulsing, the attacker can evade these systems because the traffic spikes are brief and separated by periods of normal activity.
How to prevent pulsing zombie attacks
While annoying, these attacks are not too elaborate and can be stopped. First, implement monitoring systems to detect irregular traffic and suspicious patterns and block those requests. There are many machine learning tools that are trained to identify and respond to pulsing attacks. You can also apply dynamic rate limiting to manage sudden spikes in traffic.