The DDoS of The Year!

If you are looking for a rapidly growing segment of the IT world, then DDoS attacks is the place to find exponential growth. There are many reports by many companies in the field of DDoS protection, and the numbers vary in some cases. But the trend is more than clear.

According to the Verisign DDoS Trends Report for the second quarter of 2016, the number of distributed denial of service (DDoS) attacks increased by 75% year over year. According to researchers with NexusGuard, there was an 83% increase of DDoS attacks in the second quarter of 2016 compared to the first quarter. The numbers don’t lie – DDoS is a serious problem with a rapid growth pattern.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%
A computer keyboard featuring a green key labeled 'DDOS Attack'.
Image Source

DDoS Attacks Can Now Reach 1Tbps

The sheer amount of traffic that these DDoS attacks are generating is huge. Researchers with Arbor Networks report that in the first half of 2016, there were 274 attacks sized over 100 Gbps compared to just 223 in all of 2015. And there were 46 attacks sized over 200 Gbps in the first half compared to 16 in all of 2015. Here are some of the biggest DDoS attacks the web experienced this year:

September 22nd marked a new record in the DDoS world. OVH, one of the world’s largest hosting companies, reported on that day that its systems were hit by distributed denial-of-service (DDoS) attacks that reached nearly one terabit per second (Tbps). Octave Klaba, the founder and CTO of OVH, revealed on Twitter that the company detected a “lot of huge DDoS” in the past days. A screenshot posted by Klaba shows multiple attacks that exceed 100 Gbps, including simultaneous attacks that totaled nearly 1 Tbps. According to the OVH founder, the massive DDoS attack was carried out via a network of over 152,000 IoT devices that includes compromised CCTV cameras and personal video recorders.

A black and white image of two security cameras mounted under a light fixture
Image Source

Tweet this: September 22nd: over 152,000 IoT devices used in nearly 1 Tbps DDoS attack

On  September 20, cybersecurity blogger Brian Krebs website was hit with what experts say is one of the biggest Distributed Denial of Service (DDoS) attack in public internet history, knocking it offline for days with a furious 600 to 700 Gbps (Gigabits per second) traffic surge. According to Akamai, which had the hard job of attempting to protect Krebs’s site, the attack was twice the size of any DDoS event the firm had ever seen before, easily big enough to disrupt thousands of websites let alone one.

The year itself was opened with a record. A group calling itself New World Hacking claimed responsibility for taking down both the BBC’s global website and Donald Trump’s website. It targeted all BBC sites, including its iPlayer on-demand service, and took them down for at least three hours on New Year’s Eve. At the peak of the attack, the amount of traffic launched at BBC was 602 Gbps, though some other smaller numbers have been introduced since then.

Arbor security informed the world that Rio 2016 Olympics was a success in terms of mitigating powerful, prolonged DDoS attacks. Public facing websites belonging to organizations affiliated with the 2016 Rio Olympics were targeted by sustained, sophisticated DDoS attacks reaching up to 540Gbps, according to Arbor Networks. Many of these attacks started months before the Olympic Games had begun, but the security company said that attackers increased their efforts significantly during the games, generating the longest-duration sustained 500Gbps+ DDoS attack Arbor has ever seen.

Colorful logo for the Rio 2016 Olympics featuring a stylized depiction of Christ the Redeemer and various symbols.
Image Source

Tweet this: Sophisticated 500Gbps+ DDoS attacks were successfully mitigated during Rio 2016 Olympics

Perpetrator Techniques Are Getting Increasingly Sophisticated

According to security firm Imperva Incapsula, a 470 gigabits per second (Gbps) distributed denial of service (DDoS) attack on an unnamed gambling website has been described as one of the largest and most complex assaults to date. The perpetrators’ multi-vector approach reached a packet-per-second peak of 110 million, although the assault was quickly mitigated by a security firm. The attack reportedly lasted just over four hours on 14 June and was notable not only for the strength of the assault, but also the multi-vector approach that mixed “nine different payload (packet) types“.

Last June the F5 Security Operations Center (SOC) observed a sizeable 448 Gbps UDP/ICMP fragmentation flood destined primarily towards one specific subnet. It ramped up extremely quickly and dropped drastically back down over the length of about nine minutes. As is common in UDP floods, the attackers sent highly-spoofed UDP packets at a very high packet rate using a large distributed source IP range. In this specific attack, over 100,000 IP addresses were used. The company refused to name the target, but admitted the attack destination is a U.S.-based financial institution that is routinely targeted.

Middle of July saw a well-coordinated attack that shut down several ISIS aka Daesh websites in Nice and Middle Eastern countries. An attacker going by the handle of ”Mons” conducted a series of DDoS attacks using NetStresser, the famous DDoSing tool which was allegedly used to shut down BBC’s servers. the attack on pro-ISIS websites varied from 50 Gbps to 460 Gbps.  

Mons further stated that ”We worked together to take down several ISIS websites. This is for obvious reasons. We want to help in any way we can to weaken their influence that threatens and, to some length, literally destroys our very democracy and human rights”.

Screenshot of NetStress v0.2,a DDoS and network stress testing software interface showing various input fields.
Image Source

Tweet this: A series of DDoS attacks that brought down ISIS sites was executed using NetStresser DDoS tool

Since last May, unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider. Rather than dumping raw data on NS1’s servers with amplification attacks—where an attacker sends spoofed DNS requests to open DNS servers that will result in large blocks of data being sent in the direction of the target—the attackers sent programmatically generated DNS lookup requests to NS1’s name servers, at rates reaching 300 Gbps. Some say it is a preliminary before a try to shut down the internet itself.

A massive DDoS attack was staged this July on the servers of the Internet service provider that provides web streaming for the RT TV channel, during the coverage of the attempted coup in Turkey, briefly taking the stream offline. “We received a major DDoS attack, touching the 300 Gbps, when the Turkish coup started, second one from when we started streaming RT; this time HTTP header were infested with some new code which our Firewall did not detect,” a representative of the service provider told RT.

The new freshhold of 100 Gbps is becoming a reality. There are more attacks at this level, which was only last year considered extremely high, than experts can count. Akamai alone published Nineteen distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, hitting a new record, according to its researchers. We are still waiting to see how the year will end.

Latest Articles

Complying with AWS’s RI/SP Policy Update: Save More, Stress Less

Shared Reserved Instances (RIs) and Savings Plans (SPs) have been a common workaround for reducing EC2 costs, but their value has always been limited. On average, these shared pools deliver only 25% savings on On-Demand costs—far below the 60% savings achievable with automated reservation tools. For IT and DevOps teams, the trade-offs include added complexity, […]

Itay Tal Head of Cloud Services
5th December, 2024
The Future of Cybersecurity: Shlomo Kramer’s Bold Predictions for the SASE Era

What does the next decade of cybersecurity hold? Few can answer that better than Shlomo Kramer—co-founder of Check Point and Imperva, and founder & CEO of Cato Networks. In a candid conversation on the CloudNext podcast, Shlomo shared bold predictions and actionable strategies for navigating the challenges and opportunities ahead. From the rise of SASE […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
4th December, 2024
Three Ways CISOs Can Combat Emerging Threats in 2025

73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape? To find out, […]

11th November, 2024
How Optimizing Kafka Can Save Costs of the Whole System

Kafka is no longer exclusively the domain of high-velocity Big Data use cases. Today, it is utilized on by workloads and companies of all sizes, supporting asynchronous communication between even small groups of microservices.  But this expanded usage has led to problems with cost creep that threaten many companies’ bottom lines. And due to the […]

Itay Tal Head of Cloud Services
29th September, 2024

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services