Distributed denial of service (DDoS) attacks are malicious attempts to make an online service unavailable to its users, usually by overwhelming the hosting server or its network so that legitimate requests cannot be served. Data in the 2021 DDoS Threat Landscape Report strongly suggests that attacks are constantly evolving in size, volume, frequency, and complexity. The report shows that while average attack duration decreased compared with previous years, the number of DDoS attacks per month in 2021 was four times, the attack volume two times, and the packet count three times the figures reported for 2020.
In this post, we’ll examine five high-profile DDoS attacks. In all cases, the sizes of the attacks are massive, but often size is only part of the story. We’ll also suggest lessons learned from these incidents in the hopes that you’ll use them to prevent and mitigate any DDoS attacks directed at your organization.
5. March 2013 – Spamhaus
In March 2013, attackers used DNS reflection to turn relatively few machines into as much as 300 gigabits per second of traffic aimed at Spamhaus, a spam-prevention service: small DNS queries with Spamhaus's address forged as the source were sent to open DNS resolvers, whose much larger answers were delivered to the target. The flood spilled over onto Internet exchange infrastructure and disrupted connectivity for millions of users in Europe in a textbook volumetric DDoS attack. The attack, which lasted about two weeks, was traced back to an employee of a Dutch company that Spamhaus had blacklisted for spamming.
Why this is scary
According to the 2021 DDoS Threat Landscape Report, DDoS attacks capable of crippling network resources and websites can be rented online for as little as $5 an hour. The Spamhaus attacker needed relatively few computers to get the results they wanted, because reflection lets the open resolvers of third parties do most of the work. Combined with the reality that the world is full of vengeful actors, you can see how plausible it is for an adversary to carry out a cheap and effective DDoS attack that can instantly hurt your brand reputation and cause major logistical hassles.
4. September 2012 – Six US Banks
In a campaign that began in September 2012, six leading US banking institutions were hit by DDoS attacks on a single day, the largest number of institutions to be targeted in one day to that point. The results were major disruptions to customer-facing online banking, ranging from intermittent outages lasting 30 minutes to complete failures lasting several hours. The botnet responsible, known as Brobot and built largely from compromised web servers, generated over 60 gigabits of traffic per second. The attackers rotated through a gamut of DDoS techniques against each target, looking for one that worked.
Why this is scary
First, if the best-funded industry sector on the planet, with one of the most sharply focused security strategies, can be taken down by DDoS attacks, then any organization in any sector can. This incident underscores the importance of being ready to mitigate all types of attacks, not just the most likely ones.
Second, the attacks were claimed by a group calling itself the Izz ad-Din al-Qassam Cyber Fighters, named after the military wing of Hamas; the US Department of Justice later charged Iranian nationals over the campaign. Whoever was behind it, they are not the only well-resourced actor with an interest in harming the revenue-generating capacity of financial institutions and devaluing their brand reputations and public images.
3. February 2018 – GitHub
In February 2018, the cloud-hosted software development platform GitHub weathered the largest DDoS attack known to that point. Attackers abused memcached, a high-performance distributed memory cache normally used to speed up websites, as an amplifier: they sent small UDP requests with GitHub's IP address forged as the source to memcached servers that were, as GitHub's incident report put it, "inadvertently accessible on the public internet", and each server answered with a reply many times larger, addressed to GitHub. The attack peaked at 1.35 terabits per second (Tbps) and lasted about eight minutes. GitHub reported being completely offline for five minutes and experiencing intermittent connectivity for four minutes.
Why this is scary
Even a well-run, incident-ready platform has no control over the thousands of misconfigured memcached servers sitting on other people's networks, and any of them can be pointed at any target. The incident also shows what a reflector like memcached adds to an attack: a request of a few dozen bytes can draw a reply tens of thousands of times larger, which is how the traffic reaching GitHub was amplified by a factor of roughly 50,000 relative to what the attackers sent.
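To make the amplification concrete, here is an added example (written for this page, not code from GitHub or the memcached project) that builds the memcached UDP request an attacker spoofs, shows how a server splits one reply across numbered datagrams, reassembles them the way a client would, and computes the resulting amplification factor. The two sample replies are constructed, not captured traffic, and the 1400-byte per-datagram limit is memcached's documented UDP payload cap, taken here as an assumption.

```python
import struct

# memcached's UDP frame header: four 16-bit big-endian fields,
# request ID, sequence number, total datagrams in this message, reserved (must be 0).
FRAME = struct.Struct("!HHHH")
MEMCACHED_UDP_PORT = 11211
MAX_DATAGRAM_PAYLOAD = 1400  # assumed per-datagram payload cap used by memcached over UDP


def build_stats_probe(request_id: int = 1) -> bytes:
    """The whole request an attacker spoofs: an 8-byte frame header plus 'stats\\r\\n'."""
    return FRAME.pack(request_id, 0, 1, 0) + b"stats\r\n"


def build_get_probe(key: bytes, request_id: int = 1) -> bytes:
    """A 'get' for a key the attacker planted earlier; the reply carries the whole stored value."""
    return FRAME.pack(request_id, 0, 1, 0) + b"get " + key + b"\r\n"


def split_response(request_id: int, payload: bytes) -> list[bytes]:
    """How a server fragments one logical reply into numbered UDP datagrams."""
    chunks = [payload[i:i + MAX_DATAGRAM_PAYLOAD]
              for i in range(0, len(payload), MAX_DATAGRAM_PAYLOAD)] or [b""]
    return [FRAME.pack(request_id, seq, len(chunks), 0) + chunk
            for seq, chunk in enumerate(chunks)]


def reassemble(datagrams: list[bytes]) -> dict[int, bytes]:
    """Reorder datagrams by (request ID, sequence number) and glue complete replies back together."""
    parts: dict[int, dict[int, bytes]] = {}
    expected: dict[int, int] = {}
    for d in datagrams:
        if len(d) < FRAME.size:
            continue  # runt datagram: ignore rather than crash
        rid, seq, total, _reserved = FRAME.unpack_from(d)
        expected[rid] = total
        parts.setdefault(rid, {})[seq] = d[FRAME.size:]
    out: dict[int, bytes] = {}
    for rid, chunks in parts.items():
        if set(chunks) == set(range(expected[rid])):  # every sequence number present
            out[rid] = b"".join(chunks[i] for i in range(expected[rid]))
    return out


def amplification_factor(request: bytes, response_datagrams: list[bytes]) -> float:
    """Bytes the victim receives per byte the attacker sends (UDP payload only, headers excluded)."""
    return sum(len(d) for d in response_datagrams) / len(request)


# Constructed samples, not captured traffic: a ~7 KB 'stats' reply and a 100 KB cached value.
SAMPLE_STATS_REPLY = b"".join(b"STAT %s %d\r\n" % (b"field%03d" % i, i) for i in range(400)) + b"END\r\n"
SAMPLE_LARGE_VALUE = b"VALUE k 0 102400\r\n" + b"A" * 102400 + b"\r\nEND\r\n"

if __name__ == "__main__":
    probe = build_stats_probe()
    reply = split_response(1, SAMPLE_STATS_REPLY)
    print(f"stats probe: {len(probe)} bytes -> {len(reply)} datagrams, "
          f"x{amplification_factor(probe, reply):.0f} amplification")
    get = build_get_probe(b"k")
    big = split_response(1, SAMPLE_LARGE_VALUE)
    print(f"get probe: {len(get)} bytes -> {len(big)} datagrams, "
          f"x{amplification_factor(get, big):.0f} amplification")
    assert reassemble(big)[1] == SAMPLE_LARGE_VALUE
```

The 15-byte `stats` probe alone buys a several-hundred-fold reply; attackers who first store a large value and then `get` it with a forged source push the factor into the thousands, which is the mechanism behind the GitHub numbers. The fix on the server side is simple: memcached 1.5.6 and later leave UDP off by default, older builds should be started with `-U 0` (UDP port disabled) and `-l 127.0.0.1` (listen only on loopback), and no memcached port should ever be reachable from the public internet.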
2. 2017 – Google
In October 2020, Google's Threat Analysis Group (TAG) reported that in 2017 an attack originating from several Chinese ISPs used a combination of methods, chiefly UDP amplification, against thousands of Google's IP addresses. The attack peaked at 2.5 Tbps and was part of a campaign lasting six months. Though it took three years to make the information public, Google's TAG described it as the largest DDoS attack known to that point. One Google engineer wrote, "The attackers used several networks to spoof 167 million packets per second (Mpps) to a combination of 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us."
Why this is scary
There is a strong suspicion that the Google attack was the work of state-sponsored actors. Such attackers are usually well-funded and patient. Not only can they map all of your network ranges and exposed services as other cybercriminals do, they are also more likely to recruit an insider to facilitate attacks. Google, as a technology giant, had the capacity to absorb the attack in both the short and the long term; smaller organizations are unlikely to be able to do that.
1. February 2020 – AWS
In February 2020, Amazon Web Services (AWS) faced a volumetric attack against an unidentified AWS customer that used Connectionless Lightweight Directory Access Protocol (CLDAP) reflection. The attackers scanned for and found a large number of third-party CLDAP servers exposed on UDP port 389 and used them to amplify the traffic sent to the victim's IP address by 56 to 70 times. The attack lasted three days and peaked at 2.3 Tbps, the largest attack reported to that point.
Why this is scary
In the end, the disruption attributed to this attack was minimal. The principal concern is its sheer volume and the reconnaissance behind it. AWS is one of the giants of computing, so, like Google in 2017, it was able to respond in a way that mitigated the threat and thwarted the attack. Having a DDoS mitigation strategy as robust as the big players' helps protect your revenue and maintain your brand reputation.
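All five incidents share one wire-level signature: a flood of near-MTU UDP replies from many unrelated reflectors (open DNS resolvers for Spamhaus, memcached for GitHub, CLDAP and DNS for Google and AWS) converging on a single victim address. The detection below is an added example written for this page, not code from Imperva, AWS or Google. It runs over constructed flow records in the shape of a NetFlow export and flags that fan-in pattern; the per-service amplification factors, the reflector port list (NTP is included as an assumed extra beyond the services named above) and the thresholds are assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# UDP services that answer a small spoofed query with a large reply. The factors are
# commonly cited worst-case amplification per reflector, assumed here for reporting only.
REFLECTORS = {
    53: ("DNS", 28),
    389: ("CLDAP", 56),
    11211: ("memcached", 10000),
    123: ("NTP", 556),
}


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record, as a NetFlow/sFlow collector would export it."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    byte_count: int


@dataclass
class Finding:
    victim: str
    service: str
    reflectors: int            # distinct reflector IPs seen
    total_bytes: int           # bytes delivered to the victim
    avg_packet_bytes: float    # amplified replies sit near the MTU
    estimated_request_bytes: int  # what the attacker had to send, given the assumed factor


def detect_reflection(flows, min_reflectors=3, min_avg_packet=900):
    """Group inbound UDP replies by (victim, reflector service) and flag fan-in from many
    distinct reflectors carrying near-MTU packets, the signature of amplification traffic."""
    groups = defaultdict(list)
    for f in flows:
        if f.proto == "udp" and f.src_port in REFLECTORS:
            groups[(f.dst_ip, f.src_port)].append(f)
    findings = []
    for (victim, port), fl in groups.items():
        reflectors = {f.src_ip for f in fl}
        packets = sum(f.packets for f in fl)
        total = sum(f.byte_count for f in fl)
        avg = total / packets if packets else 0.0
        if len(reflectors) >= min_reflectors and avg >= min_avg_packet:
            name, factor = REFLECTORS[port]
            findings.append(Finding(victim, name, len(reflectors), total, avg, total // factor))
    return sorted(findings, key=lambda x: x.total_bytes, reverse=True)


# Constructed sample records using documentation address ranges; not real traffic.
VICTIM = "203.0.113.10"
SAMPLE_FLOWS = [
    # Six CLDAP reflectors answering forged queries: 1400-byte packets to a port the attacker chose.
    *[Flow(f"198.51.100.{n}", 389, VICTIM, 54321, "udp", 20_000, 28_000_000) for n in range(1, 7)],
    # Two NTP reflectors: same shape, but too few sources to clear the default threshold.
    Flow("198.51.100.20", 123, VICTIM, 54321, "udp", 5_000, 6_000_000),
    Flow("198.51.100.21", 123, VICTIM, 54321, "udp", 5_000, 6_000_000),
    # Ordinary DNS answers from the organisation's own resolver: one source, small packets.
    Flow("192.0.2.53", 53, VICTIM, 40_231, "udp", 50, 6_000),
    # Ordinary HTTPS traffic is TCP and never enters the grouping.
    Flow("192.0.2.80", 443, VICTIM, 51_000, "tcp", 300, 240_000),
]

if __name__ == "__main__":
    for hit in detect_reflection(SAMPLE_FLOWS):
        print(f"{hit.victim}: {hit.service} reflection from {hit.reflectors} reflectors, "
              f"{hit.total_bytes / 1e6:.0f} MB received (avg {hit.avg_packet_bytes:.0f} B/pkt), "
              f"attacker sent roughly {hit.estimated_request_bytes / 1e6:.1f} MB")
```

Against real flow data the thresholds need tuning per environment: a recursive resolver you run yourself legitimately sends many large DNS replies, so exclude known-good sources before alerting, and treat any hit on port 11211 or 389 as high-confidence, since nothing on those ports should be talking to you from the internet at all. The same grouping, run against outbound flows, tells you whether your own servers are being used as reflectors against someone else.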
Is the worst yet to come?
As cybercrime and online extortion continue to grow, so will the scale and magnitude of attacks. It's essential to acknowledge that bad actors like these are out there, operating at this scale, and that they are an unpleasant by-product of the Information Age. Our own Cyber Threat Index tracks and analyses the global cyber threat landscape across data and applications. The index is based on several factors, including network traffic, attack traffic and vulnerabilities. It makes for sobering month-on-month reading, as it provides a single collated metric for tracking the cyber threat level consistently over time, together with observed trends. At the time of writing we are seeing attacks rise by more than 6% a month, with no immediate sign of respite.