These attacks took the largest American banks and AWS hosting offline, broke through GitHub’s defenses, and created a lot of problems!

Recently, distributed denial-of-service (DDoS) attacks have become commonplace. It doesn’t matter if you represent a small non-profit organization or a multinational conglomerate with many separate divisions: any of your online services are at risk.

E-mail, websites, and anything else that depends on Internet access can be significantly slowed or stopped by a planned DDoS attack. What’s more, such attacks can also be used to distract you from the rest of your cybersecurity. While one is under way, you can lose important data without even noticing.

A DDoS attack is a set of actions designed to make the target resource inaccessible to ordinary users. Attackers try to take the service down for a certain time by severely overloading it. Botnets, networks of hacked devices, are often used for this purpose.

The first known distributed denial-of-service attack occurred in 1996. Panix, one of the oldest Internet providers, was knocked off the network by a SYN flood, which today is considered a classic DDoS attack. Over the next few years, such online attacks became commonplace, and Cisco predicts that their number will keep growing, doubling from 7.9 million in 2018 to 15 million by 2023.

However, it is also important to understand that the problem is not only the growing number of DDoS attacks. As attackers build ever larger botnets, armies of hacked devices used to generate malicious traffic, the scale of each attack is increasing as well.

A distributed denial-of-service attack at a rate of one gigabit per second is enough to disconnect most ordinary organizations from the Internet. But now there are attacks generated by hundreds of thousands or even millions of devices, with a volume exceeding one terabit per second. If you consider that an hour of IT downtime can cost a company between $300,000 and $1 million, it becomes clear how dangerous even a short DDoS attack can be for business.

This article covers the largest and most notable DDoS attacks in the history of the Internet to date. Their scale is striking in both power and consequences.

DDoS attack on Amazon Web Services (AWS) in 2020

Amazon Web Services is the heavyweight gorilla of the cloud computing world. In February 2020 it was hit by a DDoS attack of incredible size, one of the most serious distributed denial-of-service attacks in recent times. However, it is important to understand that this attack was not directed at AWS services themselves. The target was an unnamed AWS customer.

This DDoS attack used the Connectionless Lightweight Directory Access Protocol (CLDAP). The method relies on vulnerable third-party CLDAP servers, which amplify the amount of data sent to the victim’s IP address by 56 to 70 times.

The DDoS attack lasted three days and reached an astounding rate of about 2.3 terabytes per second. Admittedly, the disruptions caused by this attack were not as large-scale for AWS hosting customers as they could have been, but they were still quite serious, including financially.

Mirai’s DDoS attacks on Brian Krebs’s blog and OVH in 2016

Brian Krebs (photo source: “Hacker”)

Another major DDoS attack occurred on September 20, 2016. Its target was the blog of cybersecurity expert Brian Krebs, and it reached an impressive 620 gigabits per second. At that time, such an attack was considered the largest in the history of the Internet. Since July 2012, Krebs had recorded 269 DDoS attacks, but this one was more than three times larger than anything his site had seen before.

The source of the DDoS attack was the Mirai botnet, which at its peak later in the year consisted of more than 600,000 hacked Internet of Things (IoT) devices: IP cameras, home routers, video players, and so on. This was the first time Mirai made itself known so forcefully, and it would be heard from again.

Photo from OVH data center (Photo Source: OVH)

Mirai’s next DDoS attack took place on September 19. It was aimed at OVH, one of the largest European hosting providers, which hosts about 18 million applications for more than a million customers.

The attack, which lasted about seven days, targeted one specific part of OVH’s services. It relied on about 145,000 bots, which created a load of about 1.1 terabits per second. This was when Mirai first showed how powerful a DDoS attack could be. The size and complexity of the botnet’s structure were also impressive.

Mirai DDoS attack on Dyn in 2016

Before moving on to the third known Mirai DDoS attack in 2016, one related event should be mentioned. On September 30 of the same year, someone claiming to be the author of Mirai software published the project’s source code on one of the hacker forums. Since then, the platform has been duplicated and modified many times.

Map of the regions of the United States that were most affected by Mirai’s DDoS attack on Dyn in 2016 (source: Wikipedia)

The DDoS attack on Dyn, a major Domain Name System (DNS) provider, occurred on October 21, 2016. Its volume was one terabit per second and, according to some reports, may have reached 1.5 terabits per second, another “record” for the industry. Under such heavy pressure, Dyn’s services went down, taking several well-known sites with them, including GitHub, HBO, Twitter, Reddit, PayPal, Netflix, and Airbnb.

“We saw tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack,” Kyle York, Dyn’s chief strategist, said at the time.

Mirai uses multi-vector attacks that are extremely difficult to defend against. Even though this botnet was responsible for the biggest attacks of that time, the most significant development was the publication of the platform’s source code. It allowed almost anyone with minimal information technology skills to create a botnet and conduct a DDoS attack.

DDoS attack on six major U.S. banks in 2012

On March 12, 2012, a wave of DDoS attacks hit six U.S. banks: Bank of America, JPMorgan Chase, US Bank, Citigroup, Wells Fargo, and PNC Bank. The attack was carried out by hundreds of servers hijacked into the Brobot botnet, each generating more than 60 gigabits of traffic per second.

At the time, these attacks were remarkable for their persistence. Instead of immediately launching a single attack at maximum power, the attackers fired repeated “shots” using various methods. Apparently, they were looking for the one that would work most effectively. As it turned out, even if a bank had protection against several specific types of DDoS attacks, it was completely helpless against many others.

The most notable aspect of the attacks on banks in 2012 was that they were carried out by the Izz al-Din al-Kassam Brigades, the military wing of the Palestinian Hamas organization. Several DDoS attacks had a huge impact on the affected banks in terms of lost revenue, the cost of mitigating customer service problems, and damage to their brand and image.

DDoS attack on GitHub in 2018

On February 28, 2018, the software development platform GitHub was hit by a DDoS attack. Its rate reached 1.35 terabits per second, and it lasted approximately 20 minutes.

“Traffic was tracked from over a thousand different autonomous systems (ASNs) through tens of thousands of unique endpoints,” GitHub described the DDoS attack.

Even though GitHub was very well prepared for DDoS attacks, its defenses still could not withstand this one. The site’s specialists simply had not imagined that an attack of this scale could be launched.

This DDoS attack was notable for its scale and for its use of standard Memcached commands. Memcached is a database caching system used to speed up websites and networks. This attack technique is particularly effective because it provides an amplification factor (the ratio of the DDoS traffic generated to the size of the query) of up to 51,200 times.
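
The CLDAP attack on the AWS customer and the Memcached attack on GitHub look the same at the victim’s network edge: large UDP replies from many servers that the victim never queried. The following detection sketch is an added example, not code from the original article or from any of the organizations mentioned; the flow-record layout, the sample addresses and byte counts, and both thresholds are assumptions.

```python
from collections import defaultdict

# UDP source ports of the two reflector services this article names.
REFLECTOR_PORTS = {389: "CLDAP", 11211: "Memcached"}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes).
# Addresses are from documentation ranges; byte counts are invented.
SAMPLE_FLOWS = [
    ("192.0.2.5", 40000, "198.51.100.20", 389, "udp", 60),    # genuine query
    ("198.51.100.20", 389, "192.0.2.5", 40000, "udp", 3000),  # its reply
    ("198.51.100.1", 389, "203.0.113.10", 80, "udp", 3200),
    ("198.51.100.2", 389, "203.0.113.10", 80, "udp", 3100),
    ("198.51.100.3", 389, "203.0.113.10", 80, "udp", 3300),
    ("198.51.100.4", 11211, "203.0.113.10", 80, "udp", 65000),
    ("198.51.100.5", 11211, "203.0.113.10", 80, "udp", 64000),
    ("198.51.100.6", 11211, "203.0.113.10", 80, "udp", 66000),
    ("198.51.100.7", 443, "203.0.113.10", 51000, "tcp", 1200),
]

def find_reflection(flows, min_sources=3, min_bytes=5000):
    """Return (victim, service, reflector_count, bytes) for unsolicited reply floods."""
    # Pass 1: remember which (client, server, port) queries were really sent.
    asked = {(src, dst, dport) for src, _, dst, dport, proto, _ in flows
             if proto == "udp" and dport in REFLECTOR_PORTS}
    # Pass 2: collect replies that answer no recorded query.
    hits = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for src, sport, dst, _, proto, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue
        if (dst, src, sport) in asked:
            continue  # solicited reply to a genuine client, not reflection
        hits[(dst, sport)]["sources"].add(src)
        hits[(dst, sport)]["bytes"] += nbytes
    alerts = []
    for (victim, port), rec in sorted(hits.items()):
        # Assumed thresholds: several distinct reflectors and a byte floor.
        if len(rec["sources"]) >= min_sources and rec["bytes"] >= min_bytes:
            alerts.append((victim, REFLECTOR_PORTS[port],
                           len(rec["sources"]), rec["bytes"]))
    return alerts

if __name__ == "__main__":
    for alert in find_reflection(SAMPLE_FLOWS):
        print(alert)
```

The genuine client at 192.0.2.5 is not flagged because its reply matches a query it sent, which is the property that separates ordinary directory or cache traffic from reflected traffic.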