DDoS attacks are getting stronger, and they happen more often every year. As technology advances, there are many more connected devices out there. Billions of mobile phones and many “smart” connected gadgets are easily hackable. As IoT (Internet of Things) grows more popular without becoming secure enough, this danger will keep rising.
What are DDoS attacks?
Cybercriminals hijack many random connected devices around the world. The compromised devices form a botnet: a network that waits for instructions from the person in control. The hacker can instruct them to generate traffic to a specific target. The massive number of those devices cripples the defense of the target and brings it down.
Back in 2013, the attack on Spamhaus was the biggest of its time. The website of the anti-spam company was down on 18.03.2013 due to a large layer 3 attack. Their servers couldn’t manage the load. The attack was around 75Gbps, which back then was unimaginable (currently there are some with more than 600Gbps). They managed to stop it by signing up for an Anycast service.
BBC DDoS Attack 2015
One of the biggest media corporations in the world was surprised by massive, unprecedented traffic. This made the BBC domain, their on-demand TV service, and radio player go offline for 3 hours. The cybercriminals responsible for it were the group New World Hackers.
Dyn DDoS attack 2016
A few years ago, on October 21st, 2016, the DNS provider Dyn was struck by a massive DDoS attack. Their servers were down, and for some time, big websites that they were hosting, like Amazon, Netflix, Twitter, Reddit and more, were out. The attack came from a botnet called Mirai, which was made up mostly of IoT devices.
Krebs on Security 2016
In September 2016, just before the Dyn incident, there was another attack involving the Mirai botnet. The attack was very strong at around 665 Gbps, but thanks to Krebs’s security, they managed to resist it.
Blizzard DDoS attack 2017
If you are a gamer, you probably know Blizzard Entertainment, the brand behind Overwatch, World of Warcraft, StarCraft, and Diablo. This company has experienced many attacks over recent years. The most noticeable was in August 2017. Many gamers were unable to connect to their servers and play. These attacks damage the image of the company and the satisfaction of their clients.
Memcached attacks of March 2018
March was a horrible month. We saw new attacks on a larger scale than ever before. Two of them set records: the one that hit Arbor Networks with 1.7Tbps of traffic, and the one that hit GitHub with 1.35Tbps a few days earlier. They both exploited UDP port 11211. UDP doesn’t use verification, and that is the reason this was possible.
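On the defender's side, the exposure behind these attacks is a memcached instance whose UDP listener is reachable from outside. The following is an added example, not code from the original article: a small audit of memcached startup options that flags a reachable UDP listener. The sample configurations are constructed, only the short options `-U`, `-l` and `-p` are parsed, and the "review" verdict assumes the UDP default depends on the installed memcached version.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_options(conf_text):
    """Collect -U / -l / -p values from memcached.conf-style text or a command line."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line.split("#", 1)[0])  # drop comments
        for flag, value in zip(tokens, tokens[1:]):
            if flag in ("-U", "-l", "-p"):
                opts[flag] = value
    return opts

def audit(conf_text):
    """Return (verdict, reason) for the UDP exposure of one memcached instance."""
    opts = parse_options(conf_text)
    udp = opts.get("-U")
    addrs = [a.strip() for a in opts.get("-l", "").split(",") if a.strip()]
    if udp == "0":
        return "ok", "UDP listener disabled (-U 0)"
    if udp is None:
        # Assumption: older releases enable UDP by default, newer ones do not.
        return "review", "no -U option: UDP default depends on memcached version"
    if addrs and all(a in LOOPBACK for a in addrs):
        return "ok", f"UDP port {udp} bound to loopback only"
    where = ", ".join(addrs) or "all interfaces"
    return "exposed", f"UDP port {udp} reachable on {where}"

# Constructed sample configurations (not taken from any real host).
SAMPLES = {
    "hardened": "-p 11211\n-U 0\n-l 127.0.0.1\n",
    "exposed": "# cache node\n-p 11211\n-U 11211\n-l 0.0.0.0\n",
    "legacy": "-p 11211\n-l 10.0.0.5\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        verdict, reason = audit(conf)
        print(f"{name:9s} {verdict:8s} {reason}")
```
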
The different attacks of 2019
In 2019 we didn’t see huge attacks of more than 1Tbps, but it wasn’t safe either.
Yes, there were some strong attacks of around 0.5 Tbps, but we paid more attention to the number of packets per second. In this kind of attack, the criminals do a little work, and the target does a lot of work. This is why they are called asynchronous. The attackers send small packets and receive big ones. The processing occupies the target’s resources.
Clients of Imperva had a rough start to the year. First came a strong attack of 500 million packets a second in January. It was considered one of the largest PPS (Packets Per Second) attacks known.
Later, on the 30th of April 2019, another of their clients got attacked with 580 million PPS.
In September 2019, there was another strong attack, this one targeting Wikipedia. The popular site didn’t provide information about the magnitude of the attack, but it was down for several hours on different continents.
What can we expect this year?
- Attacks with a smaller bandwidth, but intense, with a high PPS number. The cybercriminals are changing their strategies.
- Increase in the duration of the attacks. Some can go on for weeks. DDoS protection solutions should be able to withstand longer attacks than before.
- More sophisticated attacks. It is not just about the volume anymore. For example, the exploit can happen through a different port.
- More botnets are emerging. There is already a new version of Mirai and a new botnet, Cayosin. The number of IoT devices is increasing, and with it, the number of botnet devices.
- The 5G adoption will also have a negative effect because not all of the devices are well-secured.
How to protect from DDoS attacks?
You can use a DDoS protected DNS plan. Such a plan will include different DDoS protected servers and many Anycast locations. This provides load balancing that spreads the traffic across different servers. This way the intense wave of traffic can be reduced and your servers can withstand the DDoS attack.
DDoS attacks won’t stop, nor will they get lighter. If your business demands that your website be up 100% of the time, you had better be prepared with the right security measures.