The Top 5 Most Infamous and Damaging DDoS Attacks
December 23, 2020 - 8 minutes read
Distributed Denial of Service (DDoS) attacks are getting bigger and more frequent, and they can reach any online service: websites, emails, and connected devices. A DDoS attack can slow down your device or completely stop it from working, and it doesn’t matter if your company is a small startup or if it’s an international corporation. Sometimes, DDoS attacks are even used as a distraction for the IT department while the hacker infiltrates the company’s data storage or network.
DDoS attackers are growing their botnets (botnet size refers to the number of attacked devices that generate DDoS traffic), and with IT downtime costing companies from $300,000 to over $1,000,000 per hour, it’s important to see how a DDoS attack could reach your website or online service in the first place. Let’s look at the top five most damaging and notable DDoS attacks of all time.
2012: The Six Banks Attack
In mid-March of 2013, six major U.S. banks were the targeted victims of a wave of DDoS attacks. The attacks utilized hundreds of compromised servers using a botnet called Brobot. The attack hit at more than 60 gigabits per second. The banks that were affected were JPMorgan Chase, Citigroup, Bank of America, Wells Fargo, PNC Bank, and U.S. Bank.
In 2012, DDoS attacks were still pretty unknown, but attackers had a variety of DDoS attack strategies in their toolbelts. While the banks had protection against several different types of DDoS attacks, the attackers rained down a large variety of attack types on the banks until they found one that worked. What’s most interesting about this incident is that the military wing of the Palestinian Hamas organization, the Izz ad-Din al-Qassam Brigades, took credit for the attack. The banks, however, had incredible amounts of lost revenue, expenses in mitigation, loss in brand and image trustworthiness, and customer service issues.
2016: The Mirai Krebs and OVH Attacks
In mid-September of 2016, cybersecurity expert Brian Krebs’ blog was attacked with a hit of over 620 gigabits per second, much bigger than the attack on the banks. At the time, it was the largest DDoS attack ever recorded. Krebs had personally recorded almost 270 DDoS attacks since July 2012, but this was the largest attack he (or the Internet) had ever seen. The attack was carried out by the Mirai botnet which eventually compromised over 600,000 Internet of Things (IoT) applications and devices, like home routers, IP cameras, and video players. Although the Mirai botnet had been found in August, Krebs’ blog was its first major attack.
A few days after attacking Krebs’ blog, the Mirai botnet was used against OVH, one of Europe’s largest hosting companies, which hosts around 18 million websites and applications for over one million customers. The attack occurred on an unnamed OVH customer using about 145,000 bots, which created a hit of up to 1.1 terabits per second. It lasted seven days and marked the beginning of the growth of major, sophisticated, focused, and large-scale DDoS attacks.
2016: The Mirai Dyn Attack
A few days after the OVH attack, a self-proclaimed author of the Mirai botnet released the source code as open-source software on hacker forums. This opened the doors for even amateur hackers to replicate the code and add mutations to it to make it unique and undetectable.
Less than one month later, in late October of 2016, Dyn, a Domain Name Service provider, was hit with an attack at one terabit per second. It set the record for the largest DDoS attack at that time. Some experts say that the attack reached up to 1.5 terabits per second. It affected large companies that utilized Dyn, like HBO, GitHub, Reddit, Twitter, PayPal, Airbnb, and Netflix, and made them inaccessible. Dyn later said that they saw “10s of millions of discrete IP addresses associated with the Mirai botnet” during the attack.
2018: The GitHub Attack
In late February of 2018, GitHub, a San Francisco-based platform used by software developers to share their code repositories, was hit with a DDoS attack lasting 20 minutes. The attack hit at 1.35 terabits per second, enough to take down even the most sophisticated of servers. GitHub later said they traced the traffic back to more than “a thousand different autonomous systems… across tens of thousands of unique endpoints.”
Although GitHub had strong protections in place, they could have never predicted the sheer size of the attack and thus didn’t have enough resources or server space to handle it. This attack is known for its scale and size, as well as famous for using Memcached, a popular database caching system that websites and networks use for speed optimization. The Memcached DDoS attack uses a standard command and supplies an amplification factor of up to 51,200 times.
2020: The AWS Attack
In February of 2020, Amazon Web Services was hit by the most extreme DDoS attack in recent history. It used a method called Connectionless Lightweight Directory Access Protocol (CLDAP) Reflection to target an unnamed AWS customer, similar to the OVH hosting attack in 2016. The technique identifies vulnerable third-party CLDAP servers and amplifies how much data is sent to the victim’s IP address by up to 70 times. The attack hit at 2.3 terabytes per second and lasted for three days. Surprisingly, experts say that the attack was much less severe than it could have been and that the customers of the AWS platform could’ve lost more revenue and sustained more brand damage.
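From the victim's side, both the Memcached and CLDAP reflection attacks described above show up as UDP replies arriving from the reflector's service port across many distinct source addresses. The sketch below is an added example, not code from the original article: it summarizes such traffic from flow records, and the record layout, the `summarize_reflection` name, the threshold, and the sample flows (documentation IP ranges) are all assumptions made for illustration.

```python
from collections import defaultdict

# Well-known UDP service ports of the two reflector types named in the article.
REFLECTOR_PORTS = {11211: "memcached", 389: "cldap"}

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.1", 11211, "203.0.113.10", 40000, "udp", 1400),
    ("198.51.100.2", 11211, "203.0.113.10", 40001, "udp", 1400),
    ("198.51.100.3", 11211, "203.0.113.10", 40002, "udp", 1400),
    ("198.51.100.1", 11211, "203.0.113.10", 40000, "udp", 1400),
    ("192.0.2.7", 389, "203.0.113.10", 40003, "udp", 3000),
    ("192.0.2.8", 389, "203.0.113.10", 40004, "udp", 3000),
    ("192.0.2.9", 53, "203.0.113.10", 40005, "udp", 120),         # ordinary DNS reply
    ("192.0.2.50", 51000, "203.0.113.10", 443, "tcp", 900),       # ordinary HTTPS
    ("198.51.100.4", 11211, "203.0.113.99", 40006, "udp", 1400),  # other destination
]


def summarize_reflection(flows, victim_ip, min_sources=3):
    """Report reflector services hitting victim_ip from >= min_sources addresses.

    A reply whose *source* port is a reflector service port means the victim
    is receiving responses to requests it never sent (the requests carried a
    spoofed source address). Requiring several distinct sources filters out
    a single legitimate server the host may really be talking to.
    """
    stats = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for src_ip, src_port, dst_ip, _dst_port, proto, nbytes in flows:
        if proto != "udp" or dst_ip != victim_ip:
            continue
        service = REFLECTOR_PORTS.get(src_port)
        if service is None:
            continue
        stats[service]["sources"].add(src_ip)
        stats[service]["bytes"] += nbytes
    return {
        service: {"reflectors": len(s["sources"]), "bytes": s["bytes"]}
        for service, s in stats.items()
        if len(s["sources"]) >= min_sources
    }


if __name__ == "__main__":
    print(summarize_reflection(SAMPLE_FLOWS, "203.0.113.10"))
```

A service that appears in this summary is a candidate for an upstream filter on that UDP source port, since the victim's own hosts rarely have a reason to receive Memcached or CLDAP replies from the Internet.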
The New Reality
The first DDoS attack happened in 1996 to Panix, an internet service provider, using a method called SYN flood. Since then, this technique has become a “classic” DDoS attack strategy for the growing number of attacks. Cisco forecasts that DDoS attack numbers will double from 2018 (7.9 million) to 2023 (over 15 million). And it’s becoming more difficult to deal with the sheer size of the attacks, especially since they’re using thousands or millions of devices; even a company like Amazon can’t handle the size, length, and frequency of DDoS attacks these days.
What’s the DDoS attack you remember most? Let us know in the comments below!