The DDoS of The Year!

GlobalDots
5 Min read

If you are looking for a rapidly growing segment of the IT world, then DDoS attacks is the place to find exponential growth. There are many reports by many companies in the field of DDoS protection, and the numbers vary in some cases. But the trend is more than clear.

According to the Verisign DDoS Trends Report for the second quarter of 2016, the number of distributed denial of service (DDoS) attacks increased by 75% year over year. According to researchers with NexusGuard, there was an 83% increase of DDoS attacks in the second quarter of 2016 compared to the first quarter. The numbers don’t lie – DDoS is a serious problem with a rapid growth pattern.

DDOS Attack on Red Button on Black Computer Keyboard.

Image Source

 

DDoS Attacks Can Now Reach 1Tbps

The sheer amount of traffic that these DDoS attacks are generating is huge. Researchers with Arbor Networks report that in the first half of 2016, there were 274 attacks sized over 100 Gbps compared to just 223 in all of 2015. And there were 46 attacks sized over 200 Gbps in the first half compared to 16 in all of 2015. Here are some of the biggest DDoS attacks the web experienced this year:

September 22nd marked a new record in the DDoS world. OVH, one of the world’s largest hosting companies, reported on that day that its systems were hit by distributed denial-of-service (DDoS) attacks that reached nearly one terabit per second (Tbps). Octave Klaba, the founder and CTO of OVH, revealed on Twitter that the company detected a “lot of huge DDoS” in the past days. A screenshot posted by Klaba shows multiple attacks that exceed 100 Gbps, including simultaneous attacks that totaled nearly 1 Tbps. According to the OVH founder, the massive DDoS attack was carried out via a network of over 152,000 IoT devices that includes compromised CCTV cameras and personal video recorders.

cctvImage Source

Tweet this: September 22nd: over 152,000 IoT devices used in nearly 1 Tbps DDoS attack

On  September 20, cybersecurity blogger Brian Krebs website was hit with what experts say is one of the biggest Distributed Denial of Service (DDoS) attack in public internet history, knocking it offline for days with a furious 600 to 700 Gbps (Gigabits per second) traffic surge. According to Akamai, which had the hard job of attempting to protect Krebs’s site, the attack was twice the size of any DDoS event the firm had ever seen before, easily big enough to disrupt thousands of websites let alone one.

The year itself was opened with a record. A group calling itself New World Hacking claimed responsibility for taking down both the BBC’s global website and Donald Trump’s website. It targeted all BBC sites, including its iPlayer on-demand service, and took them down for at least three hours on New Year’s Eve. At the peak of the attack, the amount of traffic launched at BBC was 602 Gbps, though some other smaller numbers have been introduced since then.

Arbor security informed the world that Rio 2016 Olympics was a success in terms of mitigating powerful, prolonged DDoS attacks. Public facing websites belonging to organizations affiliated with the 2016 Rio Olympics were targeted by sustained, sophisticated DDoS attacks reaching up to 540Gbps, according to Arbor Networks. Many of these attacks started months before the Olympic Games had begun, but the security company said that attackers increased their efforts significantly during the games, generating the longest-duration sustained 500Gbps+ DDoS attack Arbor has ever seen.

2016-08-12-cyber-security-issues-1

Image Source

Tweet this: Sophisticated 500Gbps+ DDoS attacks were successfully mitigated during Rio 2016 Olympics

Perpetrator Techniques Are Getting Increasingly Sophisticated

According to security firm Imperva Incapsula, a 470 gigabits per second (Gbps) distributed denial of service (DDoS) attack on an unnamed gambling website has been described as one of the largest and most complex assaults to date. The perpetrators’ multi-vector approach reached a packet-per-second peak of 110 million, although the assault was quickly mitigated by a security firm. The attack reportedly lasted just over four hours on 14 June and was notable not only for the strength of the assault, but also the multi-vector approach that mixed “nine different payload (packet) types“.

Last June the F5 Security Operations Center (SOC) observed a sizeable 448 Gbps UDP/ICMP fragmentation flood destined primarily towards one specific subnet. It ramped up extremely quickly and dropped drastically back down over the length of about nine minutes. As is common in UDP floods, the attackers sent highly-spoofed UDP packets at a very high packet rate using a large distributed source IP range. In this specific attack, over 100,000 IP addresses were used. The company refused to name the target, but admitted the attack destination is a U.S.-based financial institution that is routinely targeted.

Middle of July saw a well-coordinated attack that shut down several ISIS aka Daesh websites in Nice and Middle Eastern countries. An attacker going by the handle of ”Mons” conducted a series of DDoS attacks using NetStresser, the famous DDoSing tool which was allegedly used to shut down BBC’s servers. the attack on pro-ISIS websites varied from 50 Gbps to 460 Gbps.  

Mons further stated that ”We worked together to take down several ISIS websites. This is for obvious reasons. We want to help in any way we can to weaken their influence that threatens and, to some length, literally destroys our very democracy and human rights”.

netstress

Image Source

Tweet this: A series of DDoS attacks that brought down ISIS sites was executed using NetStresser DDoS tool

Since last May, unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider. Rather than dumping raw data on NS1’s servers with amplification attacks—where an attacker sends spoofed DNS requests to open DNS servers that will result in large blocks of data being sent in the direction of the target—the attackers sent programmatically generated DNS lookup requests to NS1’s name servers, at rates reaching 300 Gbps. Some say it is a preliminary before a try to shut down the internet itself.

A massive DDoS attack was staged this July on the servers of the Internet service provider that provides web streaming for the RT TV channel, during the coverage of the attempted coup in Turkey, briefly taking the stream offline. “We received a major DDoS attack, touching the 300 Gbps, when the Turkish coup started, second one from when we started streaming RT; this time HTTP header were infested with some new code which our Firewall did not detect,” a representative of the service provider told RT.

The new freshhold of 100 Gbps is becoming a reality. There are more attacks at this level, which was only last year considered extremely high, than experts can count. Akamai alone published Nineteen distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, hitting a new record, according to its researchers. We are still waiting to see how the year will end.

Latest Articles

AWS FinOps Best Practices

Amazon Web Services (AWS) is the most established cloud vendor on the planet – its vast array of services increases every year, with a staggering 200 new offerings released in 2020 alone. These services offer businesses the ability to adjust resources based on demand – a cost-effective pay-as-you-go model and a global infrastructure for widespread […]

Nesh (Steven Puddephatt) Senior Solutions Engineer @ GlobalDots
30th November, 2023
Reduce Cloud Costs by Up to 80% with Automated K8s

In the dynamic landscape of cloud computing, Kubernetes (K8s) has emerged as a cornerstone for container orchestration. There is no doubt that K8s clusters are effective, yet companies continue to grapple with the complexities of managing K8s clusters, especially in production. GlobalDots, recognizing this challenge, has curated a pioneering solution: a platform that transforms the […]

GlobalDots
30th November, 2023
FinOps Tools: Key Factors to Consider

For organizations already well-established in the cloud, vendors such as AWS and Azure often bite large chunks out of annual revenue. Monthly cloud bills accumulate quickly  – the 5 biggest cloud vendors rake in a combined total revenue of over $80 billion a year, with Microsoft and Amazon claiming the lion’s share of over $20 […]

Nesh (Steven Puddephatt) Senior Solutions Engineer @ GlobalDots
22nd November, 2023
AWS Innovations Decoded: GlobalDots’ Top 20 Picks

Join AWS experts from GlobalDots as they decode the top 20 cloud innovations you need to know in a 2 part Webinar. Gain insider insights on leveraging these transformative technologies to boost performance, tighten security, and reduce costs. Discover real-world applications to apply these advancements to your business. Reserve your spot now! 🚀 Stay Ahead: Learn […]

GlobalDots
31st October, 2023

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

Unlock Your Cloud Potential