How Prophaze Secured Two Indian airports from Layer 3-7  DDoS attacks ?

Betamcherla Prophaze Web Application Security Platform mitigating Layer 3-7 DDoS Attacks

Timeline of events leading to attack.

buy clomid in london October 10 – 2022
Cyberattacks reported at US airports.
https://www.theguardian.com/us-news/2022/oct/10/cyberattacks-disrupt-us-airport-websites

22-Feb-2023
German airports hit with DDoS attack.
https://www.theregister.com/2023/02/17/german_airport_websites_ddos/

04-April-2023
DDoS attacks rise as pro-Russia groups attack Finland, Israel
https://www.techrepublic.com/article/ddos-attacks-finland-israel/

08-April-2023
DDoS attacks hits 6 Indian airports.

https://www.thehindu.com/news/cities/Kochi/cial-website-comes-under-attack/article66714841.ece

1) Airports Authority of India
2) Indira Gandhi International Airport
3) Mumbai International Airport
4) Hyderbad international Airport
5) Goa International Airport
6) Cochin International Airport

Background of the Attack

Anonymous Sudan is a famous hacktivists group. They had aligned with Russian hackers and planned attacks on countries like India and Israel stating religious activism as the motive behind the same.

On 8th April 2023 they launched an attack against all the major airports like Kochi, Delhi, Mumbai, Hyderabad, and Goa. They had launched a major Denial of Service Attack against these airport websites.

There were active discussions going on in the dark web and also on social media forums about the same. It was a politically motivated attack and was warned through Social Media posts that India would be the next target. This time it was the airport authorities, next could be some other sector as it is said that the attacks would continue until April 14th.

Layer 7 DDoS

Denial of Service is an attack type where the intention is to shut down the operations of a network/ application by flooding the target with a large volume of traffic which can trigger a crash.

The ultimate goal is to deprive legitimate users of the service they are intending to use. This was majorly a layer 7 DDoS kind of attack. Layer 7 DDoS attacks are specifically targeted on the 7th layer or the topmost layer of the OSI model which is the application layer.

This layer usually handles request methods like HTTP GET and POST methods. Layer 7 DDoS attack usually does not require much bandwidth to execute the same and occurs very slowly. It only requires less than 1 Gbps of bandwidth.

This is why it is widely used to launch attacks on web portals as this minimal requirement makes them very effective and troublesome to handle as the resources required to fight back are much larger than those used to launch the same. This makes it very challenging to mitigate.

The HTTP traffic of layer 7 DDoS attack appears to be harmless peaks in HTTP traffic thus these spikes are confused with increased usage by the crowd. The Bots that provide the traffic spoof their IP addresses which seem to be regular addresses.

Layer 7 DDoS mitigation on Airport Infrastructure

According to several research, threat actors are co-ordinated via a particular telegram group, consists of 10000 members.
They use a particular DDoS Python script independently, which identifies open proxies on the internet and does an average connection of 200 requests per second from one script execution.

For instance, One of the IP involved in the current attack is.
138.68.190.172