10 Biggest DDoS Attacks And How Your Organisation Can Learn From Them
Published on: 28 May 2019
Last modified on: 26 Nov 2025
What is a DDoS Attack?
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with massive traffic from multiple sources. These attacks often involve flooding a website or network beyond its capacity, causing it to slow down or crash.
Top DDoS Attacks in History
1. GitHub (2018)
GitHub experienced a record-breaking DDoS attack with traffic peaking at 1.3 terabits per second using the memcaching method. Thanks to DDoS protection services, the attack was mitigated within 10 minutes.
2. Dyn (2016)
Dyn, a major DNS provider, faced an attack via the Mirai botnet using 100,000 IoT devices. The attack disrupted websites including Amazon, Netflix, and Airbnb, causing damages estimated at $110 million.
3. Hong Kong (2014)
During Hong Kong’s Occupy Central movement, hackers used five botnets to flood servers with junk traffic, halting websites like PopVote and Apple Daily and exposing users to phishing attacks.
4. Unnamed Cloudflare Client (2014)
A European client of Cloudflare faced a 400 Gbps NTP amplification attack, affecting Cloudflare’s network for several days due to the sheer traffic volume.
5. Spamhaus (2013)
Spamhaus, a major spam filtering company, suffered a DNS reflection attack of over 300 Gbps. Cloudflare assisted in mitigating the attack, which lasted over a week and caused significant network disruption in the UK.
6. US Banks (2012)
Six major US banks, including Bank of America and JP Morgan Chase, were targeted by DDoS attacks over three days, receiving more than 60 Gbps of traffic from hundreds of hijacked servers.
7. GitHub (2015)
A politically motivated attack from China targeted GitHub to pressure the platform into removing projects circumventing Chinese censorship. Infected browsers sent requests to GitHub URLs, causing outages across its network.
8. Estonia (2007)
Estonia faced massive DDoS attacks affecting government, banks, and media websites following a political conflict with Russia. The attack marked one of the earliest examples of cyber warfare.
9. Mafiaboy (2000)
Teen hacker Mafiaboy took down major commercial websites, including CNN and eBay, using a bot network that controlled millions of computers, causing widespread disruption.
10. BBC (2015)
The BBC News website and iPlayer services were disrupted for hours by a DDoS attack using Amazon Web Services (AWS) servers, claiming 600 Gbps of traffic.
The Urgent Need for Proactive DDoS Defense
DDoS attacks have the power to disrupt entire networks and websites. As attacks become more advanced, organisations must adopt proactive defense strategies.
- Use a dedicated DDoS protection service to detect and redirect malicious traffic.
- Implement firewalls, VPNs, anti-spam solutions, and multiple layers of security.
- Train employees on cyber awareness to reduce risks from phishing and other social engineering attacks.
MetaCompliance provides advanced security awareness tools, helping organisations strengthen their cybersecurity posture and manage compliance risks.
Explore MetaCompliance Solutions
To enhance your organisation’s cybersecurity and compliance, explore our solutions:
FAQs on DDoS Attacks
What does DDoS stand for?
Distributed Denial of Service, an attack aimed at overwhelming online services.
How do DDoS attacks work?
By flooding a server with massive traffic from multiple sources until it cannot function.
Who are common targets of DDoS attacks?
Businesses, government agencies, media outlets, and financial institutions are frequent targets.
How long do DDoS attacks usually last?
Attack durations vary from minutes to several days, depending on scale and mitigation efforts.