The DDoS Threats Overview Report 2021 shows that denial of service (DDoS) attacks are constantly growing in size, number, frequency, and complexity. Although the duration of the attack has decreased compared to previous years. But the number of DDoS attacks per month quadrupled. The number of attacks increased 2 times and the number of packets increased 3 times compared to 2020.
This article will share about 5 DDoS attacks that used to cost newspapers a lot of ink. These attacks are all large-scale, but that’s only part of the story. We’ve also drawn some helpful conclusions for our readers to be able to prevent attacks on your business.
#5. DDoS attack on Spamhaus (March 2013)
In 2013, hackers took advantage of meager computer resources to generate traffic up to 300 Gbit/s. The target is Spamhaus - a service that blocks spam mail. This attack successfully disrupted Internet access for millions of users in Europe. And it was one of the most serious attacks in the history of DDoS attacks. The incident lasted about 2 weeks. It was later determined to be caused by an employee of a Dutch company. This person has been blacklisted by Spamhaus for sending spam emails.
Why is this scary?
According to the 2021 DDoS Threats Overview report, a DDoS attack can cripple network resources. Websites can be rented online for as little as $5 an hour. The Spamhaus attacker, using only a small number of computers, was able to generate such great attack power. In fact, the world is full of enemies all around. Just a small amount of money can carry out a DDoS attack, causing serious consequences. It affects the brand reputation, along with it costs resources to clean up the “end of the world”.
#4. DDoS attack on 6 US banks (September 2012)
On March 12, 2012, six top US banks were hit by a DDoS attack. This was the largest number of organizations targeted in a single day at the time. This attack disrupted the customer’s banking system. From a 30-minute outage to an online outage lasting several hours. The bots used in this attack are called Brobots. They generate over 60 gigabits of traffic per second. The attackers overwhelmed the target with a variety of DDoS attack methods. Their purpose is to try to determine which method works.
Why is this scary?
Imagine, what if a field invested with the most advanced and powerful security solutions could also be attacked by DDoS? Certainly attacking an organization in any field is easy for hackers. This incident highlights the importance of having security solutions in place to defend against all attacks. It’s not just the organizations most vulnerable to attack.
Second, this attack is believed to have been carried out by the military wing of the Palestinian Hamas organization. They are not the only heavily invested terrorist organization. There are still many other organizations with such capacity. These attacks will have a great impact on revenue and reduce their brand reputation and image in the public eye.
#3. Distributed Denial of Service Attack on GitHub (February 2018)
In 2018, ISP and cloud-native software development platform GitHub suffered from what is believed to be the largest distributed denial of service attack in history to that point. Attackers have hijacked the high-performance distributed memory system. That memory is called “memcaching” – commonly used to speed up websites and networks. They use memcaching to amplify direct traffic to GitHub. First, hackers will spoof GitHub’s IP address. Then gain control of the cases where GitHub reports “random public Internet access”. Those instances are cached by GitHub. The attack generated 1.35 Tbps and lasted 8 minutes. GitHub completely lost connection for 5 minutes and disconnected for 4 minutes.
Why is this scary?
Cloud-native platforms are seen as safe and well-prepared to prevent incidents. However, versions are still publicly accessible. This creates an opportunity for hackers to “steal” into the system, creating large DDoS attacks. Through this attack, we can see that memcaching can also include a distributed denial-of a service attack scenario. It amplified the traffic sent to GitHub by 50,000 times.
#2. DDoS attack on Google (2017)
In October 2020, the Google Threat Analysis Team (TAG) released a belated report. In 2017, some Chinese ISPs used different DDoS attack methods to perform UDP amplification attack on thousands of Google IPs. The attack peaked at 2.5 Tbps. The scary thing is that it lasted until…6 months. Although it didn’t go public until 3 years later, TAG claimed it was the largest DDoS attack in history up to that point. A Google engineer commented: “Attackers used several networks to generate 167 million packets per second (Mpps). They combine 180,000 CLDAP, DNS, and SMTP servers. And send a large amount of feedback to our system.”
Why is this scary?
This Google attack is believed to be caused by state-sponsored hackers. These attackers are often very well funded and have the ability to prolong attacks. Not only do they easily collect information about all network ranges and network services. What’s more, they can exploit inside information to carry out powerful attacks. Google is seen as a technology giant. They can spread the attack in the short (and long) term. But smaller organizations can hardly do that.
#first. Distributed Denial of Service Attack on AWS (February 1, 2020)
In 2020, Amazon Web Services (AWS) faced a high-volume attack. AWS did not disclose which customers were the target of this attack. The attacker used CLDAP - a protocol for user directories. They scanned and identified a large number of vulnerable third-party CLDAP servers. It then amplifies from 56 to 70 times the volume of data sent to the victim’s IP address. The attack lasted for three days with peak traffic of 2.3 Tbps. This was the largest attack in history up to that point.
Why is this scary?
Although this attack causes short-term interruptions. But the main concern is its volume as well as its complexity. AWS is one of the “All things computing” giants. Like Google in 2017, they can mitigate the threat and stop the attack. It takes strong Distributed Denial of Service attack strategies like the big companies above to protect your revenue and maintain your brand’s reputation.
Are those the biggest DDoS attacks?
As the trend of cyberattacks and online extortion continues to grow, so will the scale and complexity of attacks. So no one can guarantee that the above 5 attacks are the largest in history. We must admit that attackers are always present and are the obstacle of the information age. Any organization or business can be a victim of them. Attacks can happen unexpectedly and have serious consequences.
“Prevention is better than cure”. Businesses should arm themselves with safeguards before they happen to avoid unintended consequences. VNETWORK is known as a leading cyber security and rescue center in Vietnam. VNIS DDoS Protection solution (VNETWORK Internet Security) has successfully prevented attacks for many domestic and foreign customers.
Register for free 7-day comprehensive Website protection at VNIS.VN or immediately call the hotline: (028) 7306 8789 for the fastest support.