Title.png (5)

10 Biggest DDoS Attacks and how your organisation can learn from them

There’s no doubt that over the last 20 years, DDoS attacks have evolved in size, scale and sophistication. As criminals enlist new technologies like IoT devices to distribute and amplify attacks, it’s become a threat that organisations can no longer choose to ignore.

In 2018, the UK’s National Crime Agency named DDoS attacks as the joint leading threat facing businesses, alongside ransomware. They noted a steep increase in attacks and advised organisations to take immediate steps to protect themselves from this growing threat.

In today’s digital age, most organisations rely heavily on web connectivity and online services to conduct business. Any disruption to this service can have serious ramifications that include; loss of revenue, service interruption, damage to brand reputation, loss of customers and the theft of valuable data.

But what is a DDoS attack? A distributed denial-of-service attack is an attempt to make an online service unavailable by overwhelming it with huge volumes of traffic from multiple sources. These types of attacks are typically caused by flooding a website with more traffic than the server can handle.

By examining 10 of the biggest DDoS attacks in history, we can see how these attacks have evolved and what lessons can be learned.

1. GitHub (2018)

On February 28, 2018, GitHub - a popular online code management service used by millions of developers, was hit with the largest ever DDoS attack. The platform was used to high levels of traffic, but what it wasn’t prepared for was the massive influx of traffic which peaked at a record breaking 1.3 terabits per second.

The GitHub attack didn’t involve botnets but instead used a method known as memcaching, a database caching system used to speed up websites and networks. The attackers were able to spoof GitHub’s IP address and then massively amplify the levels of traffic being directed at the platform.

Luckily, GitHub was using a DDoS protection service, and within 10 minutes of the attack being triggered, the company was able to contain and stop the attack from continuing.

2. Dyn (2016)

Dyn 2016

The second largest DDoS attack was directed at Dyn, a major DNS provider, in October 2016. The attack was hugely disruptive and brought down the websites of over 80 of its customers including Amazon, Netflix, Airbnb, Spotify, Twitter, PayPal and Reddit.

Using a malware called Mirai, hackers created a massive botnet of 100,000 Internet of things (IoT) devices to launch their attack. The devices included radios, smart TVs, printers and they were all programmed to send requests to Dyn and overwhelm it with traffic.

Damage from the attack is reputed to have cost $110 million and despite the attack being contained within one day, in the immediate aftermath of the attack, over 14,500 domains dropped Dyn’s services.

3. Hong Kong (2014)

In 2014, a massive DDoS attack targeted Hong Kong’s pro-democracy movement, Occupy Central. Hackers sent huge volumes of traffic to three of Occupy Central’s web hosting services, including two independent news sites known as PopVote and Apple daily.

Using five botnets, the hackers bombarded the servers with packets of junk disguised as legitimate traffic. At its peak, the traffic reached over 500 gigabits per second bringing both websites to a grinding halt. The attack was also used to break into their databases which resulted in PopVote employees being bombarded with Phishing emails.

4. Unnamed Cloudflare Client (2014)

In 2014, a client of DDoS protection firm Cloudflare, was hit by a huge DDoS attack that bombarded them with over 400 gigabits of traffic per second. The attack targeted servers in Europe and exploited the Network Time Protocol (NTP), normally used to sync clocks on machines, to slow response times. NTP Amplification attacks are extremely difficult to block as the responses are legitimate data that appear to come from valid servers.

The attack lasted several days and was so powerful that even though it was aimed at one of Cloudflare’s clients, it ended up affecting Cloudflare’s own network.

5. Spamhaus (2013)

Spamhaus 2013

In 2013, a DDoS attack was launched against Spamhaus, an industry-leading spam filtering organisation.  The company is responsible for filtering as much as 80% of all spam, which makes it an attractive target for threats and attacks.         

Using a strategy known as a Domain Name System (DNS) reflection, hackers bombarded Spamhaus with over 300 gigabits of traffic, knocking their website offline, as well as part of their email services. To help stem the attack, Spamhaus turned to Cloudflare for help, however the hackers shifted focus and attempted to bring down the DDoS protection service in the process. The attack lasted for over a week and caused huge network disruptions across the UK.

6. US Banks (2012)

In September and October 2012, six major US banks were targeted by a string of DDoS attacks. The banks included; Bank of America, JP Morgan Chase, US Bancorp, Citigroup, and PNC Bank.

The attack was carried out by hundreds of hijacked servers, which targeted the banks with more than 60 gigabits of traffic per second. The attack lasted for over three days, disrupting services and slowing down systems within the bank. The attack was unique in that rather than one concentrated attack, the hackers tried a range of different methods to find out what would cause most damage.

7. GitHub (2015)

At the time, the 2015 GitHub attack was one of the largest to have ever taken place. The DDoS traffic originated in China and targeted two URLs of GitHub projects that were aimed at avoiding Chinese state censorship.

 It’s thought that the politically motivated attack was instigated by the Chinese government and the aim was to pressurise GitHub into dropping the projects.

The hackers carried out the attack by injecting JavaScript code into the browsers of everyone who visited Baidu, China’s most popular search engine. The code caused infected browsers to send HTTP requests to the targeted GitHub pages and throughout the duration of the attack, GitHub experienced outages across its entire network.

8. Estonia (2007)

Estonia 2007

In April 2007, Estonia was hit with a massive DDoS attack that targeted government services, banks, financial institutions and media outlets. The attack is considered to be one of the first major acts of cyber warfare and came in response to a political conflict with Russia over the relocation of the ‘Bronze Soldier of Tallinn’, a World War II monument.

Massive waves of spam were sent by botnets and huge amounts of online requests swamped servers. Despite no concrete evidence that Russia was behind the attack, it led to the creation of international laws for cyber warfare.

9. Mafiaboy (2000)

In February 2000, a 15-year-old hacker known as ‘Mafiaboy’ took down several major commercial websites including CNN, Amazon, eBay, Dell and Yahoo. The teenager used a bot network to gain control of millions of computers and use them to flood the websites with an overwhelming volume of traffic.

The highly publicised attacks lasted for over a week, creating chaos in the stock markets and bringing some of the sites to a virtual standstill.

10. BBC (2015)

On New Year's Eve, 2015, the BBC became the victim of a sustained DDoS attack by anti-Islamic State (IS) group, New World Hacking. The attack brought down the BBC News website along with its iPlayer service for over three hours. Despite resuming service, the entire domain experienced significant disruption for the rest of the day.

The attack used two Amazon Web Services (AWS) servers to harness unlimited bandwidth and the hackers claimed they attacked at a rate of 600 gigabits per second, although this has since been disputed.

Conclusion

As we can see from this extensive list, DDoS attacks have the potential to take down entire company websites, networks and as the Dyn attack demonstrated, almost the entire internet.

As attacks become more sophisticated, organisations will need to become more proactive in their approach to defend against attacks. Some of the largest attacks in history have been mitigated through the quick detection of DDoS protection firms.

Organisations should consider the use of a DDoS protection service that will detect abnormal traffic flows and redirect any DDoS traffic away from the network. Other security measures include securing network infrastructure through the use of a firewall, VPN, Anti-spam and other layers of DDoS defence techniques.

MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Our products directly address the specific challenges that arise from cyber threats and corporate governance by making it easier for users to engage in Cyber Security and compliance. Get in touch for further information on how we can help transform Cyber Security awareness within your organisation.