Top 10 Most Well-Known DDoS Attacks

The threat of DDoS (Distributed Denial of Service) attacks is looming larger than ever over businesses and organizations, with attacks more than doubling in recent years. These attacks not only disrupt online services but can also cause significant operational and financial damage.
As they grow in both size and sophistication, understanding and mitigating these threats is paramount.
In our latest blog post, we will provide an insight into the nature of DDoS attacks and highlight the ten most significant attacks that have been recorded. We will also delve into the reasons why these attacks occur and outline how you can protect your systems.

Before We Look at the Biggest DDoS Attacks, Let’s Understand the Difference Between DoS and DDoS

Understanding DoS and DDoS Attacks

A Denial of Service (DoS) attack is an aggressive cyber strategy where an attacker aims to render a machine or network resource unavailable, cutting off access for legitimate users by disrupting the services of a host connected to the Internet.

Although effective, recent DoS attacks often go unreported in the public domain due to their relatively small scale and limited impact.

In contrast, a Distributed Denial of Service (DDoS) attack is essentially a DoS attack on steroids. It involves inundating a network with a flood of internet traffic that mimics genuine requests, using a multitude of compromised devices to target and overwhelm a single system.

The scale and intensity of these assaults are far greater, which is why all the examples we will discuss pertain to DDoS attacks.

How Are the Largest DDoS Attacks Measured?

When people think about DDoS attacks, they usually imagine volumetric attacks, which have been around since the late 1990s. Volumetric attacks work by overloading a target’s network with a massive amount of traffic, earning the name “floods” for their tactic of drowning the target in data.

The strength of these attacks is typically measured in bits per second, with the more extreme attacks reaching into the Gigabits per second range.

Simply put, a volumetric attack aims to flood a network to the point where it can’t cope, effectively shutting it down. While most attacks are under 1 Gbps, it’s worth noting that the size of the largest DDoS attacks is on the rise each year (as our DDoS attack examples will show).

10 Well-Known Examples of Distributed Denial of Service Attacks

| Attack Target | Year | Peak Size | Duration | Impact |
|---|---|---|---|---|
| Dyn | 2016 | 1.2 Tbps | Short | Major websites like Twitter, Reddit, and Netflix went offline |
| GitHub | 2018 | 1.35 Tbps | Short | Briefly knocked offline, mitigated within 10 minutes |
| BBC | 2015 | Unknown | Several hours | Entire domain including on-demand television and radio player knocked offline |
| Spamhaus | 2013 | 300 Gbps | Several days | Caused significant disruption to the wider internet |
| Cloudflare | 2020 | 754 Mpps | Short | Mitigated without any disruption to services |
| AWS | 2020 | 2.3 Tbps | Three days | Mitigated without any major disruption to services |
| Google | 2017 | 2.5 Tbps | Six months | One of the largest DDoS attacks, mitigated without any disruption to services |
| GitHub | 2015 | Unknown | Five days | Intermittently unavailable during the attack |
| Estonia | 2007 | Unknown | Three weeks | Significant disruption to Estonia’s online infrastructure |
| Code Spaces | 2014 | Unknown | Short | Led to Code Spaces going out of business |

Here are the top 10 most well-known DDoS attacks, their nature, and the impact they had:

  1. Dyn (2016)

In October 2016, a DDoS attack struck at the heart of the Internet, DNS provider Dyn, bringing down popular sites like Twitter, Reddit and Netflix. The attackers used Mirai, a vast botnet built from thousands of poorly secured IoT devices, to bombard Dyn with junk data, shutting out millions of users.

This attack laid bare serious vulnerabilities in the infrastructure we’ve come to depend on. It demonstrated how devices, from IoT devices to web-enabled appliances, can be co-opted for disruption when security is an afterthought. 

Impact: The attack caused widespread disruption of legitimate internet activity, affecting millions of users worldwide. It highlighted the vulnerability of the internet infrastructure and the potential for IoT devices to be exploited in DDoS attacks.

  2. GitHub (2018)

GitHub was hit by a massive DDoS attack that peaked at 1.35 Tbps. The attackers exploited memcached servers to amplify the attack, a technique that was relatively new at the time.

Impact: GitHub was briefly knocked offline, but the attack was mitigated within 10 minutes. The attack demonstrated the potential for new DDoS techniques to cause significant disruption, even to well-protected targets.

  3. BBC (2015)

In December 2016, the BBC was the target of a DDoS attack that made the broadcaster’s websites and web-based products inaccessible for several hours. The BBC’s entire domain, including its on-demand iPlayer for television and radio programming, was knocked offline during the incident. 

A hacking collective known as New World Hacking claimed responsibility, stating they orchestrated the attack as a means of demonstrating their capabilities.

Impact: The outage prevented access for millions of BBC site and app users, underscoring the ability of DDoS tactics to cause major disruptions to media services. The BBC attack illustrates the challenges organizations face in mitigating and defending against attacks that flood servers with junk traffic to deny legitimate access.

  4. Spamhaus (2013)

Spamhaus, a non-profit organization that tracks spam operations, was hit by an attack that peaked at 300 Gbps. The attack was reportedly in retaliation for Spamhaus blacklisting the Dutch hosting company Cyberbunker.

Impact: While Spamhaus itself was able to stay online, the attack caused significant disruption to the wider internet, affecting millions of users. This DDoS example highlights the potential for attacks to be used as a form of retaliation.

  5. Cloudflare (2020)

Cloudflare, a major provider of distributed denial-of-service (DDoS) protection services, was targeted by an attack that reached a peak intensity of 754 million packets per second.

This latest DDoS attack leveraged a novel tactic involving the abuse of CLDAP servers to amplify the scale of the junk traffic used to overwhelm Cloudflare’s systems. 

This attack underscores the ongoing race between the developers of DDoS tools and defenders working to maintain availability in the face of ever more powerful assaults. Adaptive and multilayered controls represent key strategies for mitigating modern DDoS threats.

Impact: Despite the massive flood of packets generated by the perpetrators, Cloudflare was able to successfully mitigate the attack without any noticeable degradation to its services or customer websites under its protection. 

  6. Amazon Web Services (2020)

AWS was hit by a DDoS attack that lasted for three days and peaked at 2.3 Tbps. The attackers exploited CLDAP servers to amplify the attack.

Impact: Despite the scale and duration of the attack, AWS was able to mitigate it without any major disruption to its services. This DDoS example demonstrates the potential for even the largest and most well-protected targets to be hit by DDoS attacks.

  7. Google (2017)

Google was on the receiving end of a highly sophisticated DDoS attack campaign lasting approximately six months, considered unprecedented in its scale and intensity.
At its peak, the attack directed a 2.5 Tbps flood of traffic across thousands of Google IP addresses spanning multiple geographic regions. According to Google’s analysis, the attack was sponsored by a nation-state actor.

Impact: Google stated that its defenses were able to successfully detect and mitigate the attack without major disruption. The attack highlights the growing operational capabilities of state-sponsored actors to deliver devastating DDoS at a massive scale. 

  8. GitHub (2015)

In 2015, GitHub was the target of a five-day DDoS campaign that intermittently disrupted services on the popular code repository site. Investigation revealed that state-sponsored actors were likely behind the exploit, which specifically targeted two GitHub projects aimed at helping users in a particular geographic area circumvent state censorship controls.

The incident highlights how DDoS tactics can potentially be utilized as a form of censorship when deployed against sites hosting content deemed unfavorable by state entities.

Impact: While GitHub was able to stay online throughout most of the attack by implementing mitigation measures, the site experienced periodic outages over the five-day period that prevented access for some users.

  9. Estonia (2007)

The entire country of Estonia was targeted by a DDoS attack that lasted for three weeks. The attack was reportedly carried out by state-sponsored actors and targeted government, media, and financial websites.

Impact: The attack caused significant disruption to Estonia’s online infrastructure, affecting millions of users. It was one of the first examples of a large-scale, state-sponsored DDoS attack.

  10. Code Spaces (2014)

Code Spaces, a code hosting and software collaboration platform, was targeted by a DDoS attack that was part of a larger extortion attempt. When Code Spaces attempted to mitigate the attack, the attackers deleted most of their data and backups.

Impact: The attack targeted Code Spaces’s data and led to it going out of business. It highlighted the potential for DDoS attacks to be used as part of larger, more destructive attacks.
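
The two units used in the table (bits per second and packets per second) and the memcached and CLDAP amplification named in the GitHub (2018) and AWS (2020) entries can both be read off inbound flow records. The sketch below is an added example, not part of the original post: the record layout and sample values are constructed, and the port numbers (UDP 11211 for memcached, UDP 389 for CLDAP) are the services' well-known ports rather than figures from this page.

```python
from collections import defaultdict

# Well-known UDP source ports of the two reflector types named above.
REFLECTOR_PORTS = {11211: "memcached", 389: "CLDAP"}

# Constructed inbound flow records (not real traffic, documentation IPs):
# (unix_second, src_ip, udp_src_port, packets, bytes)
FLOWS = [
    (100, "198.51.100.7", 53124, 40, 24_000),
    (100, "203.0.113.9", 11211, 900, 1_260_000),
    (101, "203.0.113.9", 11211, 1_800, 2_520_000),
    (101, "203.0.113.44", 389, 1_200, 1_680_000),
    (101, "198.51.100.7", 53124, 35, 21_000),
    (102, "192.0.2.80", 40000, 50_000, 3_000_000),  # many small packets
]

def per_second_rates(flows):
    """Bin records by second: {second: (bits_per_second, packets_per_second)}."""
    bins = defaultdict(lambda: [0, 0])
    for sec, _src, _port, pkts, nbytes in flows:
        bins[sec][0] += nbytes * 8
        bins[sec][1] += pkts
    return {sec: tuple(v) for sec, v in bins.items()}

def peak(rates, metric):
    """Return (second, value) of the peak bits/s (metric=0) or packets/s (metric=1)."""
    sec = max(rates, key=lambda s: rates[s][metric])
    return sec, rates[sec][metric]

def reflection_bytes(flows):
    """Total inbound bytes, and bytes arriving from each reflector source port."""
    total, by_service = 0, defaultdict(int)
    for _sec, _src, port, _pkts, nbytes in flows:
        total += nbytes
        if port in REFLECTOR_PORTS:
            by_service[REFLECTOR_PORTS[port]] += nbytes
    return total, dict(by_service)

if __name__ == "__main__":
    rates = per_second_rates(FLOWS)
    print("peak bits/s   :", peak(rates, 0))
    print("peak packets/s:", peak(rates, 1))
    total, by_service = reflection_bytes(FLOWS)
    for svc, n in by_service.items():
        print(f"{svc}: {n / total:.1%} of inbound bytes")
```

In the sample the bit-rate peak and the packet-rate peak fall in different seconds, which is why an attack can be reported in either unit. Matching on source port is a triage heuristic only, since a source port says nothing about whether the sender is a reflector or spoofed traffic.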

The True Cost of Recent DDoS Attacks 

DDoS attacks can cost businesses in several ways:

Financial Losses

A DDoS attack can have an immediate and significant financial toll on businesses. If services or websites go down, revenue can be lost. Additionally, not meeting service-level agreements may activate financial penalties or compensation requirements.

Damage to Reputation

A DDoS attack can tarnish a company’s image, resulting in customer attrition and a potential downturn in future revenue.

Cost of Recovery

Recovering from a DDoS attack can incur considerable expenses, encompassing the outlay for IT services to reinstate systems, and possibly, regulatory penalties or legal fees.

Why Are DDoS Attacks Launched?

DDoS attacks are far from haphazard disruptions; they’re strategic and intentional. The drivers behind these attacks are as diverse as the tactics employed to launch them. Here’s a closer look at why DDoS attacks are initiated.

Financial Interests Propel Numerous DDoS Attacks

Often, DDoS attacks are a means to an economic end. Cybercriminals use these tactics to extort money from companies by halting the onslaught only when paid off. In some scenarios, they might be contracted by competitors to hinder a business rival’s operations. The pursuit of financial rewards is a common incentive for many who orchestrate DDoS attacks.

Political and Cyber Warfare Motives

DDoS attacks can be instruments for those pursuing political goals or engaging in cyber warfare. Activists may deploy DDoS attacks to draw attention to a cause or to disrupt the activities of specific organizations or governments. Similarly, nation-states may utilize these attacks within broader cyber warfare tactics, aiming to disrupt critical infrastructure and sow chaos.

The Lure of Disruption

There are instances where individuals or groups execute attacks purely for the disruption they cause, driven by a desire for excitement or notoriety within certain circles. These perpetrators often initiate attacks as a challenge or to boast about their capabilities in the hacker community.

Distraction for Further Malfeasance

At times, DDoS attacks are diversions, creating a shield of chaotic traffic under which other nefarious activities can occur. With the defensive efforts focused on DDoS response, attackers might engage in data theft or network infiltration unnoticed.

How the Right IT and Cybersecurity Partner Can Help

In the current digital era, the question isn’t if a DDoS attack will occur, but when. Given their potentially devastating impact on business operations and reputation, a robust defense strategy is not just advisable; it’s imperative. This is where the right IT and cybersecurity partner becomes invaluable.

Proactive Protection Measures

A seasoned IT and cybersecurity firm specializes in laying down multiple layers of defense to safeguard your assets before an attack happens. These measures include setting up firewalls, intrusion detection systems, and configuring network architecture in a way that can absorb and diffuse a DDoS attack’s impact.

Immediate Response and Mitigation

When an attack is detected, time is of the essence. An experienced partner will have the capabilities to immediately recognize the signs of a DDoS attack and swiftly enact mitigation strategies. These can range from rerouting traffic, filtering out malicious packets, to deploying anti-DDoS technology that can counteract an ongoing attack.

Regular System Updates and Patch Management

Keeping systems updated with the latest security patches is a fundamental yet often neglected aspect of cybersecurity. An IT partner ensures that your systems are not left vulnerable due to outdated software, providing an additional safeguard against the exploitation of known vulnerabilities.

24/7 Monitoring and Support

Continuous monitoring is critical for early detection of unusual activity that could signal the onset of a DDoS attack. A dedicated cybersecurity team can monitor your network around the clock, responding in real-time to potential threats.

Education and Training

Knowledge is a powerful defense. A cybersecurity partner can educate your staff about the signs of a DDoS attack, training them in best practices for prevention and response. Empowering employees with this knowledge can be the difference between a minor incident and a catastrophic one.

Recovery and Post-Attack Analysis

After an attack, it’s crucial to return to normal operations as quickly as possible. A competent IT partner helps with recovery efforts and conducts a post-incident analysis to identify how the attack happened and how to prevent similar incidents in the future.

Strategic Planning for Long-Term Security

Finally, beyond the immediate threat of DDoS attacks, a strategic IT and cybersecurity partner works with you to plan for long-term digital security. This includes regular assessments, updates to your security policies, and the evolution of your defense measures to meet emerging threats.

A strong IT and cybersecurity partnership is essential to not only defend against the rising tide of DDoS attacks but also to maintain resilience and assure continued trust in your digital services.

Author: CloudSecureTech
