The cybersecurity firm Imperva reported a new distributed denial-of-service (DDoS) attack pattern seemingly designed to circumvent hybrid DDoS mitigation solutions. Typically, DDoS attacks grow over time, creating an opportunity for a mitigation provider’s on-premises appliance to identify the attack and activate the off-premises cloud scrubbing platform to filter the incoming network traffic and protect the targeted network. However, the pulse wave attack generates a large amount of network traffic quickly, aiming it towards the initial target. This large, quick burst is enough to knock the target network offline, overwhelming the on-premises appliance and preventing the cloud scrubbing platform from activating. The botnet generating the traffic aims its next burst at another target, only to return attack traffic at the first target as its network recovers from the initial pulse wave attack. So far, Imperva has observed these types of attacks aimed at high-value targets such as gaming and financial technology companies. The NJCCIC recommends organizations proactively coordinate with their ISPs and/or DDoS mitigation providers to develop a response plan for these types of attacks and review the “time to mitigation” clause in any service level agreements, if applicable. If your organization is a victim of a pulse wave DDoS attack, please report the incident to the NJCCIC via the Cyber Incident Report form on our website.