Published on January 6th, 2021 | by Sunit Nandi0
Six Intriguing DDoS Attacks You Need to Know About
In our ever-connected world, we cannot avoid running into a threat or two. This danger is magnified online, where cybercrime is plentiful. But few could strike greater terror into the hearts of website owners and online service providers than Distributed Denial-of-Service or DDoS attacks.
Simply put, in a DDoS attack, hackers try to bring a website down by flooding it with too much traffic, often in the form of incoming messages, fake packets, or requests for connections. The networks are compromised by malware, which allows attackers to control them remotely. Once the server and network fail to accommodate the overwhelming traffic, there could be a crash.
While this is a huge problem in itself, there is even more sinister intent behind most DDoS attacks. In most cases, the attack is reinforced by ransom demands, usually in the form of Bitcoin or another cryptocurrency. To make matters worse, the number of DDoS attacks is expected to rise to a whopping 15.4 million by 2023.
Now, there is a lot of fascinating trivia that surrounds DDoS attacks. For one, a 15-year-old boy who went under the alias Mafiaboy infamously brought down some of the biggest commercial websites in the world, including Yahoo!, CNN, Amazon, Dell, and eBay. That act cost around $1.7 billion in economic damage in February 2000.
Here are six of the most interesting DDoS attacks you probably didn’t know about.
1. When a DDoS attack targeted some of the major US banks
Banks are, perhaps, some of the most secure institutions in the world. But even they suffer at the hands of cybercriminals. One of the most notorious attacks came in the fall of 2012 from a group of hackers called Izz ad-Din al-Qassam Cyber Fighters. The reason was a YouTube video the group deemed to be offensive to Muslims.
Their coordinated campaign focused on some of the biggest banking institutions in the United States, including Bank of America, Chase Bank, Wells Fargo, SunTrust, HSBC Holdings, and many more. It caused serious outages.
2. When a DDoS attack rendered thousands of websites unavailable
While it’s a great innovation, the Internet of Things (IoT) has also become the medium through which one of the largest DDoS attacks in history was orchestrated. This is what the botnet Mirai used to attack its targets on the morning of October 21st, 2016. The attack is said to have involved 100,000 malicious endpoints, amounting to the extraordinary strength of 1.3 Tbps.
The consequence was so severe in scale because it targeted the servers of Dyn, which controls much of the DNS infrastructure of the internet. The assault brought down some of the biggest sites like The Guardian, Twitter, Reddit, CNN, GitHub, The New York Times, and Netflix, among others.
3. When hackers brought down the BBC
The BBC suffered the most massive attack in its history when its entire domain, included on-demand television and radio player service, was brought down for three hours on New Year’s Eve of 2016. The attack lasted throughout the day, leaving a score of intermittent issues and endless complaints from subscribers. A group calling themselves the New World Hackers swiftly claimed responsibility for the attack, saying that it was a “test of power.”
One interesting thing about the hacker group was the fact that they were merely trying to test their server power by knocking down the BBC sites. The US-based group’s true aim was to take down ISIS-affiliated sites. They also took part in a campaign against the Klu Klux Klan.
4. When a World War II monument fueled a DDoS attack
The first major case of cyber warfare in response to a political conflict took place in Estonia in 2007. The root of the row was pointed to a World War II Red Army Memorial. Ethnic Estonians considered the statue as a symbol of Soviet oppression, whereas the Russian minority in Estonia viewed it as a symbol of victory over Nazism.
So, when the Estonian government decided to move the statue from downtown Tallinn to a military cemetery located in the outskirts of the city, all hell broke loose. It sparked huge outrage and prompted Russian-speakers to take to the streets, bringing about several nights of rioting and looting.
Things took a turn for the worse when the Estonian government, media outlets, and banks suffered a huge disruption in their online services. It caused tremendous chaos among ordinary Estonians who experienced sporadic interruptions on cash machines and online banking services. Government services were at a standstill, and newspapers and broadcasters couldn’t report the news. The attacks were said to come from Russian IP addresses.
5. When the Lizard Squad wiped out Xbox and PlayStation Network over Christmas
In 2014, PlayStation Network and Xbox Live were brought down by a series of DDoS attacks, resulting in millions of customers being knocked offline. Apart from rendering the networks useless, the attacks also cost the companies, Sony and Microsoft, a lot of money and tarnished their reputations.
The group responsible named themselves the Lizard Squad. Their tactic involved sending huge amounts of data towards particular IP addresses to overload the services and stop legitimate traffic. Two of the teenage members of the group were arrested and charged with computer crimes.
6. When Amazon fended off the largest DDoS attack in history
The attack came in like an avalanche, firing a mind-boggling 2.3 Tbps of traffic on Amazon Web Services (AWS) in February 2020. While Amazon refused to disclose the target and origin of the attack, it was confirmed that the attack was the largest ever recorded. It was thwarted thanks to the AWS Shield, which was designed to give protection to Amazon’s on-demand computing cloud platform’s customers.
The attackers attempted to use a vulnerable third-party server to intensify the data being sent out to the target’s IP address. The incident put AWS on a three-day “elevated threat” alert. Had the attackers succeeded, it would have cost Amazon untold financial implications.
DDoS attacks are becoming more and more common nowadays, especially during the pandemic, when everything happens online. Attackers have different motives, but the consequences are invariably financial losses and damaged reputations. That’s why tightening their security and protecting themselves from cyber threats should always be a top priority for website owners and internet providers.