The DDoS of The Year!
If you are looking for a rapidly growing segment of the IT world, then DDoS attacks is the place to find exponential growth. There are many reports by many companies in the field of DDoS protection, and the numbers vary in some cases. But the trend is more than clear.
According to the Verisign DDoS Trends Report for the second quarter of 2016, the number of distributed denial of service (DDoS) attacks increased by 75% year over year. According to researchers with NexusGuard, there was an 83% increase of DDoS attacks in the second quarter of 2016 compared to the first quarter. The numbers don’t lie – DDoS is a serious problem with a rapid growth pattern.
DDoS Attacks Can Now Reach 1Tbps
The sheer amount of traffic that these DDoS attacks are generating is huge. Researchers with Arbor Networks report that in the first half of 2016, there were 274 attacks sized over 100 Gbps compared to just 223 in all of 2015. And there were 46 attacks sized over 200 Gbps in the first half compared to 16 in all of 2015. Here are some of the biggest DDoS attacks the web experienced this year:
September 22nd marked a new record in the DDoS world. OVH, one of the world’s largest hosting companies, reported on that day that its systems were hit by distributed denial-of-service (DDoS) attacks that reached nearly one terabit per second (Tbps). Octave Klaba, the founder and CTO of OVH, revealed on Twitter that the company detected a “lot of huge DDoS” in the past days. A screenshot posted by Klaba shows multiple attacks that exceed 100 Gbps, including simultaneous attacks that totaled nearly 1 Tbps. According to the OVH founder, the massive DDoS attack was carried out via a network of over 152,000 IoT devices that includes compromised CCTV cameras and personal video recorders.
On September 20, cybersecurity blogger Brian Krebs website was hit with what experts say is one of the biggest Distributed Denial of Service (DDoS) attack in public internet history, knocking it offline for days with a furious 600 to 700 Gbps (Gigabits per second) traffic surge. According to Akamai, which had the hard job of attempting to protect Krebs’s site, the attack was twice the size of any DDoS event the firm had ever seen before, easily big enough to disrupt thousands of websites let alone one.
The year itself was opened with a record. A group calling itself New World Hacking claimed responsibility for taking down both the BBC’s global website and Donald Trump’s website. It targeted all BBC sites, including its iPlayer on-demand service, and took them down for at least three hours on New Year’s Eve. At the peak of the attack, the amount of traffic launched at BBC was 602 Gbps, though some other smaller numbers have been introduced since then.
Arbor security informed the world that Rio 2016 Olympics was a success in terms of mitigating powerful, prolonged DDoS attacks. Public facing websites belonging to organizations affiliated with the 2016 Rio Olympics were targeted by sustained, sophisticated DDoS attacks reaching up to 540Gbps, according to Arbor Networks. Many of these attacks started months before the Olympic Games had begun, but the security company said that attackers increased their efforts significantly during the games, generating the longest-duration sustained 500Gbps+ DDoS attack Arbor has ever seen.
Perpetrator Techniques Are Getting Increasingly Sophisticated
According to security firm Imperva Incapsula, a 470 gigabits per second (Gbps) distributed denial of service (DDoS) attack on an unnamed gambling website has been described as one of the largest and most complex assaults to date. The perpetrators’ multi-vector approach reached a packet-per-second peak of 110 million, although the assault was quickly mitigated by a security firm. The attack reportedly lasted just over four hours on 14 June and was notable not only for the strength of the assault, but also the multi-vector approach that mixed “nine different payload (packet) types“.
Last June the F5 Security Operations Center (SOC) observed a sizeable 448 Gbps UDP/ICMP fragmentation flood destined primarily towards one specific subnet. It ramped up extremely quickly and dropped drastically back down over the length of about nine minutes. As is common in UDP floods, the attackers sent highly-spoofed UDP packets at a very high packet rate using a large distributed source IP range. In this specific attack, over 100,000 IP addresses were used. The company refused to name the target, but admitted the attack destination is a U.S.-based financial institution that is routinely targeted.
Middle of July saw a well-coordinated attack that shut down several ISIS aka Daesh websites in Nice and Middle Eastern countries. An attacker going by the handle of ”Mons” conducted a series of DDoS attacks using NetStresser, the famous DDoSing tool which was allegedly used to shut down BBC’s servers. the attack on pro-ISIS websites varied from 50 Gbps to 460 Gbps.
Mons further stated that ”We worked together to take down several ISIS websites. This is for obvious reasons. We want to help in any way we can to weaken their influence that threatens and, to some length, literally destroys our very democracy and human rights”.
Since last May, unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider. Rather than dumping raw data on NS1’s servers with amplification attacks—where an attacker sends spoofed DNS requests to open DNS servers that will result in large blocks of data being sent in the direction of the target—the attackers sent programmatically generated DNS lookup requests to NS1’s name servers, at rates reaching 300 Gbps. Some say it is a preliminary before a try to shut down the internet itself.
A massive DDoS attack was staged this July on the servers of the Internet service provider that provides web streaming for the RT TV channel, during the coverage of the attempted coup in Turkey, briefly taking the stream offline. “We received a major DDoS attack, touching the 300 Gbps, when the Turkish coup started, second one from when we started streaming RT; this time HTTP header were infested with some new code which our Firewall did not detect,” a representative of the service provider told RT.
The new freshhold of 100 Gbps is becoming a reality. There are more attacks at this level, which was only last year considered extremely high, than experts can count. Akamai alone published Nineteen distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, hitting a new record, according to its researchers. We are still waiting to see how the year will end.