DDoS attacks overwhelm targeted websites/web applications with illegitimate, or seemingly legitimate but malicious, requests to cause downtimes and crashes and bring them to a grinding halt, making them unavailable to legitimate users. But what most businesses and organizations do not know is that DDoS attacks are not a rare occurrence; they are much more common than is often assumed. In the past 2 years alone, the incidence has risen by 20% and the magnitude and severity of impact have risen by nearly 200%. The cumulative attacks in Q1 and Q2 of 2019 equaled the total number of attacks in 2018! These facts and figures show that DDoS mitigation is imperative for organizations of all kinds and sizes.
Reference: https://www.comparitech.com/blog/information-security/ddos-statistics-facts/
Cyber-attackers and hacktivists are continuously leveraging technological advancements to hone their modus operandi and find creative ways to execute the most damaging DDoS attacks. There have been several instances of big DDoS attacks in the past 2 decades, which we discuss below. These instances underscore the need to onboard a comprehensive, intelligent, and continuously evolving DDoS protection service such as AppTrana.
This is the biggest known DDoS attack of all time, wherein the source-code management/web hosting platform was flooded with a massive influx of traffic at the rate of 1.3TBps (the highest ever recorded), sending packets at a rate of 126.9 million per second. The attack was orchestrated using the memcached method (memcached is a database caching system used to improve website speed) instead of botnets to spoof GitHub’s IP address and amplify the requests sent to the platform. The attack lasted 10 minutes and the platform was unavailable for 5 minutes. The attack could be stopped within this timeframe only because the platform had DDoS protection in place. However, recovery took nearly 1 week.
GitHub also faced a politically motivated DDoS attack in 2015 wherein the browsers of everyone visiting Baidu (a popular web search platform in China) were infected with JavaScript code, creating a botnet. The infected systems sent voluminous HTTP requests to the platform, causing downtimes across the GitHub network.
Dyn, a major DNS provider, faced the second-largest DDoS attack. It directly disrupted the services of 80 of its clients (causing crashes and downtimes) including corporate heavyweights like Amazon, Netflix, Airbnb, Twitter, PayPal, Reddit, Spotify, Fox News, HBO, New York Times, Visa, etc. It was orchestrated using a massive botnet of 100,000 IoT devices (created by infecting vulnerable devices with malware called Mirai) to overwhelm the Dyn platform with traffic spikes at the rate of 1.2TBps, lasting nearly 1 day. As a result of this attack, the company lost 14,500 domains and faced a total cost of USD 110 million.
One of the world’s largest news broadcasters, BBC, faced a series of DDoS attacks by the anti-Islamic State (IS) group, New World Hacking. The attack brought the BBC’s on-demand TV service, iPlayer services, and radio services to a halt for nearly 3 hours, with significant disruption that lasted the entire day. The attack was orchestrated by leveraging 2 AWS-based DDoS tools to harness unlimited bandwidth and send requests at the rate of 600 Gbps.
A leading spam-filtering organization that helped filter 80% of all spam, SpamHaus, was faced with a highly damaging DDoS attack in 2013. The attackers orchestrated a DNS reflection attack at the rate of 140-300 Gbps that lasted for nearly a week, heavily impacting their email servers, website, DNS IPs, and offline services.
To effectively mitigate these attacks or at least minimize their impact, choose a comprehensive, multi-layered, intelligent, and managed DDoS mitigation service such as AppTrana. AppTrana offers end-to-end and instantaneous defense against all types of DDoS attacks and real-time visibility into the security posture to ensure that your website/web application is always available.
Conclusion:
A Proactive Approach is not a guarantee to stop all attacks, but it provides a foundation to
This post was last modified on January 2, 2024 17:30