Home DDos Protection Service Famous DDoS Attacks
Categories: DDoS

Famous DDoS Attacks

Choosing DDoS solution

DDoS attacks are known to overwhelm targeted websites/ web applications with illegitimate or seemingly legitimate but malicious requests to cause downtimes and crashes and bring them to a grinding halt, making them unavailable to legitimate users. But what most businesses and organizations do not know is that DDoS attacks are not a rare occurrence; they are much more common. In the past 2 years itself, the incidence has risen by 20% and the magnitude and severity of impact have risen by nearly 200%. The cumulative attacks in Q1 and Q2 of 2019 have equaled the total number of attacks in 2018! These facts and figures go to show that DDoS mitigation is imperative for organizations of all kinds and sizes.

Reference: https://www.comparitech.com/blog/information-security/ddos-statistics-facts/

Cyber-attackers and hacktivists are continuously leveraging technological advancements to hone their modus operandi and find creative ways to execute the most damaging DDoS attacks. There have been several instances of big DDoS attacks in the past 2 decades about which we will discuss in the section to follow. These instances of big DDoS attacks underscore the need to onboard a comprehensive, intelligent, and continuously evolving DDoS protection service such as AppTrana.

Most Famous DDoS Attacks

GitHub 2018 and 2015

This is the biggest known DDoS attack of all times wherein the source-code management/web hosting platform was flooded with a massive influx of traffic at the rate of 1.3TBps (the highest-ever recorded), sending packets at a rate of 126.9 million per second. The attack was orchestrated using the mem caching method (a database caching system to improve website speed) instead of botnets to spoof GitHub’s IP address and amplify the requests sent to the platform. The attack lasted 10 minutes and the platform was unavailable for 5 minutes. The attack could be stopped within this timeframe only because the platform had DDoS protection in place. However, recovery took nearly 1 week.

GitHub also faced a politically motivated DDoS attack in 2015 wherein browsers of everyone visiting Baidu (a popular web search platform in China) were infected with JavaScript Code, creating a botnet. The infected systems sent voluminous HTTP requests to the platform, causing downtimes across the GitHub network.

Dyn 2016

Dyn, a major DNS provider, faced the second-largest DDoS attack. It directly disrupted the services of 80 of its clients (causing crashes and downtimes) including corporate heavyweights like Amazon, Netflix, Airbnb, Twitter, PayPal, Reddit, Spotify, Fox News, HBO, New York Times, Visa, etc.  It was orchestrated using a massive botnet of 100,000 IoT devices (created by infecting vulnerable devices with malware called Mirai) to overwhelm the Dyn platform with traffic spikes at the rate of 1.2TBps, lasting nearly 1 day. As a result of this attack, the company lost 14,500 domains and faced a total cost of USD 110 million.

BBC 2015

One of the world’s largest news broadcasters, BBC, faced a series of DDoS attacks by the anti-Islamic State (IS) group, New World Hacking. The attack brought the BBC’s on-demand TV service, iPlayer services, and radio services to a halt for nearly 3 hours with the significant disruption that lasted the entire day. The attack was orchestrated by leveraging 2 AWS-based DDoS tools to harness unlimited bandwidth and sent requests at the rate of 600 Gbps.

SpamHaus 2013

A leading spam-filtering organization that helped filter 80% of all spam, SpamHaus, was faced with a highly damaging DDoS attack in 2013. The attackers orchestrated a DNS reflection attack at the rate of 140-300 Gbps and lasted for a week nearly, heavily impacting their email servers, website, DNS IPs, and offline services.

To effectively mitigate these attacks or at least minimize their impact, choose a comprehensive, multi-layered, intelligent, and managed DDoS mitigation service such as AppTrana. AppTrana offers end-to-end and instantaneous defense against all types of DDoS attacks and real-time visibility into the security posture to ensure that your website/ web application is always available.

Conclusion:

  • All types of businesses, independent of the nature of their service, are prone to DDoS attacks.
  • If something is online and doing transactions and dealing with data, there is a risk of attack.
  • A proactive approach to mitigate risk can and should be taken and is worth the investment than addressing it post-incident.

A Proactive Approach is not a guarantee to stop all attacks, but it provides a foundation to

  1. Minimize and mitigate the attacks and reduce your probability of a breach
  2. Prepare you to deal with it in a more agile and speedy manner post the breach (for example applying the instant learnings and remediation in a web application firewall based on learnings from the new attacks).

Vivek Gopalan

Vivekanand Gopalan is a seasoned entrepreneur and currently serves as the Vice President of Products at Indusface. With over 12 years of experience in designing and developing technology products, he has a keen eye for building innovative solutions that solve real-life problems. In his previous role as a Product Manager at Druva, Vivek was instrumental in creating the core endpoint data protection solution which helped over 1500 enterprises protect over a million endpoints. Prior to that, he served as a Product Manager at Zighra, where he played a crucial role in reducing online and offline payment fraud by leveraging mobile telephony, collective intelligence, and implicit user authentication. Vivek is a dynamic leader who enjoys building and commercializing products that bring tangible value to customers. In 2010, before pursuing MBA, he co-founded a technology product company, Warmbluke and created a first-of-its-kind innovative Civil Engineering estimator software called ATLAS. The software was developed for both enterprise and for SaaS users. The product helps in estimating the construction cost using CAD drawings. Vivek did his MBA from Queen's University with Specialization in New Ventures. He also holds a Bachelor of Technology degree in Information Technology from Coimbatore Institute of Technology, Anna University, one of the prestigious universities in India. He is the recipient of the D.D. Monieson MBA Award, Issued by Queen's School of Business, presented to a student team which has embraced the team-learning model and applied the management tools and skills to become a peer exemplar. In his spare time, Vivek likes to go on hikes and read books.

This post was last modified on January 2, 2024 17:30

Share
Vivek Gopalan
Published by
Vivek Gopalan
Tags: DDos Protection Service
5 years ago

Recent Posts

Top 10 Best Practices for Attack Surface Reduction

Explore crucial tactics like Asset Inventory, Patch Management, Access Control & Authentication, and additional best… Read More

13 hours ago

10 Important Data Privacy Questions You Should be Asking Now

Delve into the data privacy questions including consent protocols, data minimization strategies, user rights management,… Read More

2 days ago

11 Best Practices to Secure your Nodejs API

Secure Node.js APIs using best practices: Employ proper HTTP methods, robust authentication, and API-specific security… Read More

5 days ago