As more companies become reliant upon online services like cloud computing and take steps to improve their network security accordingly, distributed denial of service (DDoS) attacks have become a more attractive strategy for hackers looking to create chaos and disruption. Easy to organize and execute, recent DDoS attacks have become more sophisticated and intense over the last decade and show little sign of slowing. Although organizations and data centers have ramped up their cybersecurity efforts to mitigate the impact of these attacks, they can still be quite damaging for both the companies targeted and the customers who rely upon their services to do business.
Although recent DDoS attacks declined slightly in 2018, the first quarter of 2019 saw an 84 percent increase over the previous year. Both the size and frequency of those attacks increased, with the largest growth coming in attacks lasting over an hour. Not only did these attacks double in quantity, their average length also increased by 487 percent. As attacks increasingly utilize multiple attack vectors, cybersecurity experts are turning to artificial intelligence and machine learning to identify attack patterns and bolster their DDoS mitigation.
A popular online code management service used by millions of developers, GitHub is used to high traffic and usage. What it wasn’t prepared for was the record-breaking 1.3 Tbps of traffic that flooded its servers with 126.9 million packets of data each second. The attack was the biggest recorded DDoS attack, but amazingly the onslaught only took GitHub’s systems down for about 20 minutes. This was largely due to the fact that GitHub utilized a DDoS mitigation service that detected the attack and quickly took steps to minimize the impact.
Unlike many recent DDoS attacks, the GitHub attack didn’t involve botnets. Instead, the DDoS attackers used a strategy known as memcaching, in which a spoofed request is delivered to a vulnerable server that then floods a targeted victim with amplified traffic. Memcached databases are commonly used to help speed up websites and networks, but have recently been weaponized by DDoS attackers.
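One way a defender could spot the reflected traffic described above in flow logs, shown as an added example that is not part of the original article. The record layout, thresholds and addresses are constructed assumptions; 11211 is memcached's default port.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port

# Constructed flow records (documentation address ranges):
# (epoch_s, src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    (1000, "198.51.100.10", 11211, "203.0.113.5", 40211, "udp", 1_400_000),
    (1001, "198.51.100.11", 11211, "203.0.113.5", 40211, "udp", 1_350_000),
    (1002, "198.51.100.12", 11211, "203.0.113.5", 51877, "udp", 1_420_000),
    (1003, "198.51.100.13", 11211, "203.0.113.5", 51877, "udp", 1_390_000),
    # Traffic that must not be flagged:
    (1001, "192.0.2.20", 443, "203.0.113.5", 55000, "tcp", 90_000),   # HTTPS response
    (1002, "192.0.2.30", 11211, "203.0.113.9", 33000, "tcp", 4_000),  # cache reply over TCP
    (1004, "192.0.2.31", 11211, "203.0.113.9", 33001, "udp", 2_000),  # one small UDP reply
]


def find_reflection_targets(flows, window_s=10, min_reflectors=3, min_bytes=1_000_000):
    """Flag destinations receiving UDP replies from many memcached servers at once.

    Replies arrive *from* port 11211 at a host that never asked for them, so the
    signal is: several distinct sources, UDP, source port 11211, high volume,
    all inside one short time window. Thresholds here are illustrative.
    """
    buckets = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for ts, src_ip, src_port, dst_ip, _dst_port, proto, nbytes in flows:
        if proto != "udp" or src_port != MEMCACHED_PORT:
            continue
        key = (dst_ip, ts - ts % window_s)  # fixed-size time bucket per destination
        buckets[key]["sources"].add(src_ip)
        buckets[key]["bytes"] += nbytes

    alerts = {}
    for (dst_ip, start), b in sorted(buckets.items()):
        if len(b["sources"]) < min_reflectors or b["bytes"] < min_bytes:
            continue
        worst = alerts.get(dst_ip)
        if worst is None or b["bytes"] > worst["bytes"]:  # keep the heaviest window
            alerts[dst_ip] = {"reflectors": len(b["sources"]),
                              "bytes": b["bytes"], "window_start": start}
    return alerts


if __name__ == "__main__":
    for dst, info in find_reflection_targets(SAMPLE_FLOWS).items():
        print(dst, info)
```
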
As a major DNS provider, Dyn was crucial to the network infrastructure of several major companies, including Netflix, PayPal, Visa, Amazon, and The New York Times. Using a malware called Mirai, unidentified hackers created a massive botnet incorporating internet of things (IoT) devices to launch what was at the time the largest recorded DDoS attack. The assault had massive trickle-down effects, as many of Dyn’s customers found their websites crippled by DNS errors when Dyn’s servers went down. Although the problems were sorted out and service restored by the end of the day, it was a frightening reminder of the fragility of network infrastructure.
On the last day of 2015, a group called “New World Hacking” launched a 600 Gbps attack using its BangStresser application tool. The attack took the BBC’s sites, including its iPlayer on-demand service, down for about three hours. Aside from its sheer size, which was the biggest DDoS attack on record at that time, the most noteworthy aspect of the BBC attack was the fact that the tool used to launch it actually utilized cloud computing resources from two Amazon AWS servers. For IT security professionals who had long trusted Amazon’s reputation for security, the notion that DDoS attackers had found a way to leverage the bandwidth of a public cloud computing service to power their assault was particularly troubling.
In 2013, Spamhaus was an industry-leading spam filtering organization, removing as much as 80% of spam emails. This made them an attractive target for scammers, who ultimately hired a teenage hacker in Britain to launch a massive offensive to take down Spamhaus’s systems. Clocking in at 300 Gbps, this assault was the biggest DDoS attack recorded at that time. When Spamhaus responded to the threat by turning to a DDoS mitigation service, the attacker shifted focus to try to bring it down as well, which caused network disruptions throughout Britain as other companies were caught in the crossfire.
In September and October of 2012, a group identifying itself as “Izz ad-Din al-Qassam Cyber Fighters” launched several DDoS attacks against US banks, allegedly in response to a controversial film trailer on YouTube. Later that year, the group promised to expand the scope of its attacks. In December, it followed through by hitting six prominent banks over the course of three days, disrupting services and causing severe slowdowns. While the attack was larger than those from a few months prior, the earlier wave left cybersecurity experts better prepared to deal with the botnet tactics the group deployed. At their peak, the attacks reached 63.3 Gbps.
As recent DDoS attacks continue to evolve, cybersecurity experts are working hard to counter their effects and diminish their impact. While a DDoS attack is still something every company should be concerned about, there are many ways to safeguard operations against them, from DDoS mitigation services to data center options like blended ISP connectivity. These efforts may not be able to make DDoS attacks a thing of the past, but they’re making them a less effective strategy for disrupting operations and services.