Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

10 Biggest DDoS Attacks and how your organisation can learn from them

ddos title

about the author

Share this post

There’s no doubt that over the last 20 years, DDoS attacks have evolved in size, scale and sophistication.

 As criminals enlist new technologies like IoT devices to distribute and amplify attacks, it’s become a threat that organisations can no longer choose to ignore.

In 2018, the UK’s National Crime Agency named DDoS attacks as the joint leading threat facing businesses, alongside ransomware. They noted a steep increase in attacks and advised organisations to take immediate steps to protect themselves from this growing threat.

In today’s digital age, most organisations rely heavily on web connectivity and online services to conduct business. Any disruption to this service can have serious ramifications that include; loss of revenue, service interruption, damage to brand reputation, loss of customers and the theft of valuable data.

But what is a DDoS attack? A distributed denial-of-service attack is an attempt to make an online service unavailable by overwhelming it with huge volumes of traffic from multiple sources. These types of attacks are typically caused by flooding a website with more traffic than the server can handle.

By examining 10 of the biggest DDoS attacks in history, we can see how these attacks have evolved and what lessons can be learned.

Top DDoS Attacks

1. GitHub (2018)

On February 28, 2018, GitHub – a popular online code management service used by millions of developers, was hit with the largest ever DDoS attack. The platform was used to high levels of traffic, but what it wasn’t prepared for was the massive influx of traffic which peaked at a record breaking 1.3 terabits per second.

The GitHub attack didn’t involve botnets but instead used a method known as memcaching, a database caching system used to speed up websites and networks. The attackers were able to spoof GitHub’s IP address and then massively amplify the levels of traffic being directed at the platform.

Luckily, GitHub was using a DDoS protection service, and within 10 minutes of the attack being triggered, the company was able to contain and stop the attack from continuing.

2. Dyn (2016)

Dyn DDoS attack

The second largest DDoS attack was directed at Dyn, a major DNS provider, in October 2016. The attack was hugely disruptive and brought down the websites of over 80 of its customers including Amazon, Netflix, Airbnb, Spotify, Twitter, PayPal and Reddit.

Using a malware called Mirai, hackers created a massive botnet of 100,000 Internet of things (IoT) devices to launch their attack. The devices included radios, smart TVs, printers and they were all programmed to send requests to Dyn and overwhelm it with traffic.

Damage from the attack is reputed to have cost $110 million and despite the attack being contained within one day, in the immediate aftermath of the attack, over 14,500 domains dropped Dyn’s services.

3. Hong Kong (2014)

In 2014, a massive DDoS attack targeted Hong Kong’s pro-democracy movement, Occupy Central. Hackers sent huge volumes of traffic to three of Occupy Central’s web hosting services, including two independent news sites known as PopVote and Apple daily.

Using five botnets, the hackers bombarded the servers with packets of junk disguised as legitimate traffic. At its peak, the traffic reached over 500 gigabits per second bringing both websites to a grinding halt. The attack was also used to break into their databases which resulted in PopVote employees being bombarded with Phishing emails.

4. Unnamed Cloudflare Client (2014)

In 2014, a client of DDoS protection firm Cloudflare, was hit by a huge DDoS attack that bombarded them with over 400 gigabits of traffic per second. The attack targeted servers in Europe and exploited the Network Time Protocol (NTP), normally used to sync clocks on machines, to slow response times. NTP Amplification attacks are extremely difficult to block as the responses are legitimate data that appear to come from valid servers.

The attack lasted several days and was so powerful that even though it was aimed at one of Cloudflare’s clients, it ended up affecting Cloudflare’s own network.

5. Spamhaus (2013)

Spamhaus DDoS attack

In 2013, a DDoS attack was launched against Spamhaus, an industry-leading spam filtering organisation.  The company is responsible for filtering as much as 80% of all spam, which makes it an attractive target for threats and attacks.         

Using a strategy known as a Domain Name System (DNS) reflection, hackers bombarded Spamhaus with over 300 gigabits of traffic, knocking their website offline, as well as part of their email services. To help stem the attack, Spamhaus turned to Cloudflare for help, however the hackers shifted focus and attempted to bring down the DDoS protection service in the process. The attack lasted for over a week and caused huge network disruptions across the UK.

6. US Banks (2012)

In September and October 2012, six major US banks were targeted by a string of DDoS attacks. The banks included; Bank of America, JP Morgan Chase, US Bancorp, Citigroup, and PNC Bank.

The attack was carried out by hundreds of hijacked servers, which targeted the banks with more than 60 gigabits of traffic per second. The attack lasted for over three days, disrupting services and slowing down systems within the bank. The attack was unique in that rather than one concentrated attack, the hackers tried a range of different methods to find out what would cause the most damage.

7. GitHub (2015)

At the time, the 2015 GitHub attack was one of the largest to have ever taken place. The DDoS traffic originated in China and targeted two URLs of GitHub projects that were aimed at avoiding Chinese state censorship.

 It’s thought that the politically motivated attack was instigated by the Chinese government and the aim was to pressurise GitHub into dropping the projects.

The hackers carried out the attack by injecting JavaScript code into the browsers of everyone who visited Baidu, China’s most popular search engine. The code caused infected browsers to send HTTP requests to the targeted GitHub pages and throughout the duration of the attack, GitHub experienced outages across its entire network.

8. Estonia (2007)

Estonia DDos attack

In April 2007, Estonia was hit with a massive DDoS attack that targeted government services, banks, financial institutions and media outlets. The attack is considered to be one of the first major acts of cyber warfare and came in response to a political conflict with Russia over the relocation of the ‘Bronze Soldier of Tallinn’, a World War II monument.

Massive waves of spam were sent by botnets and huge amounts of online requests swamped servers. Despite no concrete evidence that Russia was behind the attack, it led to the creation of international laws for cyber warfare.

9. Mafiaboy (2000)

In February 2000, a 15-year-old hacker known as ‘Mafiaboy’ took down several major commercial websites including CNN, Amazon, eBay, Dell and Yahoo. The teenager used a bot network to gain control of millions of computers and use them to flood the websites with an overwhelming volume of traffic.

The highly publicised attacks lasted for over a week, creating chaos in the stock markets and bringing some of the sites to a virtual standstill.

10. BBC (2015)

On New Year’s Eve, 2015, the BBC became the victim of a sustained DDoS attack by the anti-Islamic State (IS) group, New World Hacking. The attack brought down the BBC News website along with its iPlayer service for over three hours. Despite resuming service, the entire domain experienced significant disruption for the rest of the day.

The attack used two Amazon Web Services (AWS) servers to harness unlimited bandwidth and the hackers claimed they attacked at a rate of 600 gigabits per second, although this has since been disputed.

Conclusion

As we can see from this extensive list, DDoS attacks have the potential to take down entire company websites, networks and as the Dyn attack demonstrated, almost the entire internet.

As attacks become more sophisticated, organisations will need to become more proactive in their approach to defend against attacks. Some of the largest attacks in history have been mitigated through the quick detection of DDoS protection firms.

Organisations should consider the use of a DDoS protection service that will detect abnormal traffic flows and redirect any DDoS traffic away from the network. Other security measures include securing network infrastructure through the use of a firewall, VPN, Anti-spam and other layers of DDoS defence techniques.

MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Our products directly address the specific challenges that arise from cyber threats and corporate governance by making it easier for users to engage in Cyber Security and compliance. Get in touch for further information on how we can help transform Cyber Security awareness within your organisation.

Other Articles on Cyber Security Awareness Training You Might Find Interesting

duckduckgo vs google EN

DuckDuckGo vs Google – 5 reasons why you should give up using Google!

You were not aware that DuckDuckGo is a search engine? Well, now you know. Since its founding in 2008, DuckDuckGo has made it its mission to develop a search engine that does not store or share personal data, quite unlike Google. Google’s business model is based less on data protection and more on personalised advertising. Without the storage of personal data, Google would virtually lose the air it breathes. However, Google is still the most used search engine, and there are reasons for that. Google does have one weakness, however, and that is data protection.
Read More »
dataprotection vs informationsecurity EN

Information Security vs Data Protection

Is this an issue for our ISO or our DPO, or is it much the same in either case? Who exactly is responsible for this incident, and is there a need to report it at all? In order to discuss the similarities and differences between information security and data protection, the first step is to define the two areas.
Read More »