Blog

The DDoS of The Year!

Admin Globaldots
18.10.2016
image 5 Min read

If you are looking for a rapidly growing segment of the IT world, then DDoS attacks is the place to find exponential growth. There are many reports by many companies in the field of DDoS protection, and the numbers vary in some cases. But the trend is more than clear.

According to the Verisign DDoS Trends Report for the second quarter of 2016, the number of distributed denial of service (DDoS) attacks increased by 75% year over year. According to researchers with NexusGuard, there was an 83% increase of DDoS attacks in the second quarter of 2016 compared to the first quarter. The numbers don’t lie – DDoS is a serious problem with a rapid growth pattern.

DDOS Attack on Red Button on Black Computer Keyboard.

Image Source

 

DDoS Attacks Can Now Reach 1Tbps

The sheer amount of traffic that these DDoS attacks are generating is huge. Researchers with Arbor Networks report that in the first half of 2016, there were 274 attacks sized over 100 Gbps compared to just 223 in all of 2015. And there were 46 attacks sized over 200 Gbps in the first half compared to 16 in all of 2015. Here are some of the biggest DDoS attacks the web experienced this year:

September 22nd marked a new record in the DDoS world. OVH, one of the world’s largest hosting companies, reported on that day that its systems were hit by distributed denial-of-service (DDoS) attacks that reached nearly one terabit per second (Tbps). Octave Klaba, the founder and CTO of OVH, revealed on Twitter that the company detected a “lot of huge DDoS” in the past days. A screenshot posted by Klaba shows multiple attacks that exceed 100 Gbps, including simultaneous attacks that totaled nearly 1 Tbps. According to the OVH founder, the massive DDoS attack was carried out via a network of over 152,000 IoT devices that includes compromised CCTV cameras and personal video recorders.

cctvImage Source

Tweet this: September 22nd: over 152,000 IoT devices used in nearly 1 Tbps DDoS attack

On  September 20, cybersecurity blogger Brian Krebs website was hit with what experts say is one of the biggest Distributed Denial of Service (DDoS) attack in public internet history, knocking it offline for days with a furious 600 to 700 Gbps (Gigabits per second) traffic surge. According to Akamai, which had the hard job of attempting to protect Krebs’s site, the attack was twice the size of any DDoS event the firm had ever seen before, easily big enough to disrupt thousands of websites let alone one.

The year itself was opened with a record. A group calling itself New World Hacking claimed responsibility for taking down both the BBC’s global website and Donald Trump’s website. It targeted all BBC sites, including its iPlayer on-demand service, and took them down for at least three hours on New Year’s Eve. At the peak of the attack, the amount of traffic launched at BBC was 602 Gbps, though some other smaller numbers have been introduced since then.

Arbor security informed the world that Rio 2016 Olympics was a success in terms of mitigating powerful, prolonged DDoS attacks. Public facing websites belonging to organizations affiliated with the 2016 Rio Olympics were targeted by sustained, sophisticated DDoS attacks reaching up to 540Gbps, according to Arbor Networks. Many of these attacks started months before the Olympic Games had begun, but the security company said that attackers increased their efforts significantly during the games, generating the longest-duration sustained 500Gbps+ DDoS attack Arbor has ever seen.

2016-08-12-cyber-security-issues-1

Image Source

Tweet this: Sophisticated 500Gbps+ DDoS attacks were successfully mitigated during Rio 2016 Olympics

Perpetrator Techniques Are Getting Increasingly Sophisticated

According to security firm Imperva Incapsula, a 470 gigabits per second (Gbps) distributed denial of service (DDoS) attack on an unnamed gambling website has been described as one of the largest and most complex assaults to date. The perpetrators’ multi-vector approach reached a packet-per-second peak of 110 million, although the assault was quickly mitigated by a security firm. The attack reportedly lasted just over four hours on 14 June and was notable not only for the strength of the assault, but also the multi-vector approach that mixed “nine different payload (packet) types“.

Last June the F5 Security Operations Center (SOC) observed a sizeable 448 Gbps UDP/ICMP fragmentation flood destined primarily towards one specific subnet. It ramped up extremely quickly and dropped drastically back down over the length of about nine minutes. As is common in UDP floods, the attackers sent highly-spoofed UDP packets at a very high packet rate using a large distributed source IP range. In this specific attack, over 100,000 IP addresses were used. The company refused to name the target, but admitted the attack destination is a U.S.-based financial institution that is routinely targeted.

Middle of July saw a well-coordinated attack that shut down several ISIS aka Daesh websites in Nice and Middle Eastern countries. An attacker going by the handle of ”Mons” conducted a series of DDoS attacks using NetStresser, the famous DDoSing tool which was allegedly used to shut down BBC’s servers. the attack on pro-ISIS websites varied from 50 Gbps to 460 Gbps.  

Mons further stated that ”We worked together to take down several ISIS websites. This is for obvious reasons. We want to help in any way we can to weaken their influence that threatens and, to some length, literally destroys our very democracy and human rights”.

netstress

Image Source

Tweet this: A series of DDoS attacks that brought down ISIS sites was executed using NetStresser DDoS tool

Since last May, unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider. Rather than dumping raw data on NS1’s servers with amplification attacks—where an attacker sends spoofed DNS requests to open DNS servers that will result in large blocks of data being sent in the direction of the target—the attackers sent programmatically generated DNS lookup requests to NS1’s name servers, at rates reaching 300 Gbps. Some say it is a preliminary before a try to shut down the internet itself.

A massive DDoS attack was staged this July on the servers of the Internet service provider that provides web streaming for the RT TV channel, during the coverage of the attempted coup in Turkey, briefly taking the stream offline. “We received a major DDoS attack, touching the 300 Gbps, when the Turkish coup started, second one from when we started streaming RT; this time HTTP header were infested with some new code which our Firewall did not detect,” a representative of the service provider told RT.

The new freshhold of 100 Gbps is becoming a reality. There are more attacks at this level, which was only last year considered extremely high, than experts can count. Akamai alone published Nineteen distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, hitting a new record, according to its researchers. We are still waiting to see how the year will end.

Comments

0 comments

There’s more to see

eCommerce Group Reduces Cloud Bill by $1.4 annually
FinOps – Cloud Cost Optimization
David Amir, Head of FinOps @ GlobalDots 03.07.22

Even the smartest online businesses and DevOps teams can find themselves in a state of cloud overspend. The more complex the business structure – the deeper the problem might become. This was just the case for our client, a giant eCommerce retail group. This is the story of how GlobalDots cloud economy services, backed by […]

Read more
DevOps Expertise at Your Doorstep 
DevOps as a Service
Dror Arie, Senior Solutions Architect @ GlobalDots 29.06.22

Expert teams fit into every product development and deployment stage – we implement CI/CD, Kubernetes Migration & Clusters, Infrastructure as Code, Logging and Observability, Cloud Infrastructure Design, Container Management, and much more.

Read more
Get 15% discount for the FinTech Junction Conference!
Your Innovation Feed
Admin Globaldots 28.06.22

The coronavirus pandemic has changed everything, from the way we live and work to the way we consume and get basic services. Financial services will never look the same again. In this new reality, financial services companies will have to accelerate the development of their digital services, protect their customer data, and continue to improve […]

Read more
Unlock Your Cloud Potential
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Contact us