DDoS attacks are known to overwhelm targeted websites/ web applications with illegitimate or seemingly legitimate but malicious requests to cause downtimes and crashes and bring them to a grinding halt, making them unavailable to legitimate users. But what most businesses and organizations do not know is that DDoS attacks are not a rare occurrence; they are much more common. In the past 2 years itself, the incidence has risen by 20% and the magnitude and severity of impact have risen by nearly 200%. The cumulative attacks in Q1 and Q2 of 2019 have equaled the total number of attacks in 2018! These facts and figures go to show that DDoS mitigation is imperative for organizations of all kinds and sizes.
Cyber-attackers and hacktivists are continuously leveraging technological advancements to hone their modus operandi and find creative ways to execute the most damaging DDoS attacks. There have been several instances of big DDoS attacks in the past 2 decades about which we will discuss in the section to follow. These instances of big DDoS attacks underscore the need to onboard a comprehensive, intelligent and continuously evolving DDoS protection service such as AppTrana.
GitHub 2018 and 2015
This is the biggest known DDoS attacks of all times wherein the source-code management/web hosting platform was flooded with a massive influx of traffic at the rate of 1.3TBps (the highest-ever recorded), sending packets at a rate of 126.9 million per second. The attack was orchestrated using mem caching method (a database caching system to improve website speed) instead of botnets to spoof GitHub’s IP address and amplify the requests sent to the platform. The attack lasted 10 minutes and the platform was unavailable for 5 minutes. The attack could be stopped within this timeframe only because the platform had DDoS protection in place. However, recovery took nearly 1 week.
Dyn, a major DNS provider, faced the second-largest DDoS attack. It directly disrupted the services of 80 of its clients (causing crashes and downtimes) including corporate heavyweights like Amazon, Netflix, Airbnb, Twitter, PayPal, Reddit, Spotify, Fox News, HBO, New York Times, Visa, etc. It was orchestrated using a massive botnet of 100,000 IoT devices (created by infecting vulnerable devices with a malware called Mirai) to overwhelm the Dyn platform with traffic spikes at the rate of 1.2TBps, lasting nearly 1 day. As a result of this attack, the company lost 14,500 domains and faced a total cost of USD 110 million.
One of the world’s largest news broadcasters, BBC, faced a series of DDoS attacks by anti-Islamic State (IS) group, New World Hacking. The attack brought the BBC’s on-demand TV service, iPlayer services, and radio services to a halt for nearly 3 hours with the significant disruption that lasted the entire day. The attack was orchestrated by leveraging 2 AWS-based DDoS tools to harness unlimited bandwidth and sent requests at the rate of 600 Gbps.
A leading spam-filtering organization which helped filter 80% of all spam, SpamHaus, was faced with a highly damaging DDoS attack in 2013. The attackers orchestrated a DNS reflection attack at the rate of 140-300 Gbps and lasted for a week nearly, heavily impacting their email servers, website, DNS IPs and offline services.
To effectively mitigate these attacks or at least minimize their impact, choose a comprehensive, multi-layered, intelligent and managed DDoS mitigation service such as AppTrana. AppTrana offers end-to-end and instantaneous defense against all types of DDoS attacks and real-time visibility into the security posture to ensure that your website/ web application is always available.
A Proactive approach is not a guarantee to stop all attacks, but it provides a foundation to
Prepare you to deal with it in a more agile and speedy manner post the breach (example applying the instant learnings and remediation in a web application firewall based on learnings from the new attacks).
At Indusface, Vivek owns the product roadmap and is responsible for gathering and prioritizing product and customer requirements, defining the product vision, working closely with engineering, sales, marketing and support to build and release the product and ensuring revenue and customer satisfaction goals are met. A technologist with 6+ years of product management experience and 10+ years of total professional work experience, Vivek has worked with domestic and international start-ups with proven ability to define, design and develop technology products, and effectively market product benefits and capabilities to customers.