Knowledge Base

Largest DDoS Attack Ever Caught

Published on: September 17, 2020

Largest DDoS Attack Ever Caught

The Distributed Denial-of-Service (DDoS) attacks are the biggest reality for global businesses today. A number of big and small businesses have faced dire consequences due to the DDoS attacks in the past few years. Amazon and Github have reported the biggest two attacks in history this year. Amazon Web Service (AWS) survived a 2.3 Tbps DDoS attack in February this year, which is the biggest attack in history to-date. Previously, Github sustained the biggest attack of 1.35 Tbps reported in 2018.

Talking about the DDoS attack against Github, it was the biggest attack in history by 2018. It was delivered without the involvement of a botnet. It was a virtual one-two punch which put Github in a spot of bother but the company managed to sustain the attack. Imperva emerged as the contender for the recipient of the biggest DDoS attack ever in January 2019 when it recorded the attack involving 500 million packets per second.

Three months later, the company announced receiving another attack which was even larger in the pedigree as it recorded 580 million packets per second. When compared with Github’s reported attack (129.6 million packets per second), we can say that the largest DDoS attack was reported in April 2019 (580 million PPS) with regards to packets per the second category.

Before we discuss in detail the biggest-ever DDoS attacks ever, let’s first explore how to measure these attacks.

Consequences of a DDoS attack
Consequences of a DDoS attack; Source: Europol

Ways to Measure DDoS Attacks

There are two ways to measure DDoS attacks, i.e. by bandwidth and by packets. Both of these are different from each other and one may be trickier than the other. Since it is difficult to ascertain which one is more difficult to recover, let’s have a look at the four biggest DDoS attacks ever reported. These attacks are both measured by rate and by packets per second.

A lot has already been reported and written about the two attacks on Github and Imperva. However, the biggest attack of all was reported on February 17 this year when Amazon Web Services reported 2.3 terabytes per the second attack.

Fortunately, Amazon’s AWS Shield not only observed but also mitigated the attack. The company also issued research which discovered a significant rise in the total number of DDoS attacks in the first quarter of 2020 when compared with the fourth quarter of 2019 (10%) and the first quarter of 2019 (23%).

The First-Ever DDoS Attack

The first DDoS attack was recorded in 1996 by Panix, which is one of the earliest internet service providers. The SYN flood attack had put the ISP lifeless for many days. According to an estimation by Cisco, the total number of DDoS attacks is likely to double from 7.9 million in 2018 to 15 million by the Year 2023.

The Attack on Imperva

When we take a look at the attack on an Imperva’s client in January 2019, we find an SYN DDoS attack that used 500 million packets per second. The Imperva’s client also reported that each of the packets used in the attack ranged from 800-900 bytes in size.

It might not have looked as large as it actually was but you can calculate the impact to know how destructing it was. If we take the size of each packet at approximately 850 bytes per second and multiply it with 500 million packets, it results in 396 Gbps or 425 million bytes or 3.4 trillion bits. This is how gigantic it actually was.

The Attack on Github

The method used in the attack on Imperva’s client was quite different from the one that was used in the Github attack. In this attack, cybercriminals used memcaching techniques+. Github is a developer platform renowned for offering source code management and distributed version control for Git, which is a version control system. This system identifies changes in computer files and helps different people working on the same file coordinate with each other.

On February 28, 2018, GitHub assessed a DDoS attack with a digital system. In about 10 minutes, Github called Akami to help it mitigate the attack. Akamai responded as a de-facto intermediary and started filtering the traffic with its systems. In about eight minutes, Akamai made the attackers relented.

Josh Shaul, Vice President of Web Security at Akamai, said, “We modelled our capacity based on five times the biggest attack that the internet has ever seen. So I would have been certain that we could handle 1.3 Tbps, but at the same time, we never had a terabit and a half come in all at once. It’s one thing to have the confidence, it’s another thing to see it actually play out how you’d hope.”

Before Github, the previous biggest-ever DDoS attack was reported in 2016 against Dyn that hit the company at 1.2 terabytes per second. The attack against Dyn was a botnet-generated one whereas the one against Github used memcaching.

What is Memcaching?

Memcached is used to speed up websites and networks. There are approximately more than 100,000 Memcached servers existed on the public internet. In the attack against Github, cybercriminals used spoofing as the technique to attack the victim’s IP address. The lack of authentication on Github servers allowed the attacker to send smaller queries which were designed to receive gigantic responses, i.e. 50-time larger, from the Memcached server. This is what we know as amplification attacks.

The Attack on Amazon Web Service

As mentioned above, Amazon Web Service was hit by a 2.3 tbsp UDP reflection vector DDoS attack in February this year. This is the largest attack ever in terms of bit rate. The attack used a technique known as Connectionless Lightweight Directory Access Protocol (CLDAP) Reflection. This technique uses vulnerable third-party CLDAP servers to amplify data routed to the victim’s IP by around 56-70 times. The attack against AWS remained active for three days.

The AWS’s Threat Landscape Report for the first quarter of 2020 showed that this was around 44% bigger than any other network volumetric event ever reported on the AWS. The reflection attacks resulted in three days of remarkable threat during a week in February 2020 before it was eventually mitigated by the AWS.

The New Normal

The most worrying sign is that what once was considered as the largest DDoS attack ever is now the new normal. Imperva discovered in its research that it has consistently recorded DDoS attacks every week that cross 500 gigabits per second. Imperva spotted and mitigated nine DDoS against its customers in May 2019. It also reported that one of its most recent attacks hit a high of 652 million PPS. The businesses operating today exist on a double-edged sword. They not only witness massive DDoS attacks but also record them on a daily basis.

How a DDoS attack takes place
How a DDoS attack takes place; Source: Prolexic

The Concluding Remarks

The Distributed Denial-of-Service attacks are now a common occurrence on the public internet. It means that global enterprises are now in dire need to implement effective security systems to mitigate such threats. It doesn’t matter whether you’re a small business or a huge one, DDoS attacks can whelm any enterprise out there.

This is why enterprises need to invest in installing web security solutions, like Astra which offers a complete set of security arrangements for websites. Astra fends off any bad bot activity from getting to your website along with providing protection from malware, SQLi, SEO spam, credit card hacks, brute force, comments spam, and many other types of viruses.

How Astra Firewall fights DDoS attacks
How Astra protects your website from getting DDoS’d

Beware! Your online services, including websites and emails, are at the risk of getting compromised by a DDoS attack. Do your enterprise or web project a favor and provide Ddos protection against all types of DDoS attacks.

Was this post helpful?

Aakanchha Keshri

Aakanchha is a technical writer and a cybersecurity enthusiast. She is an avid reader, researcher, and an active contributor to our blog and the cybersecurity genre in general. To date, she has written over 200 blogs for more than 60 domains on topics ranging from technical to promotional. When she is not writing or researching she revels in a game or two of CS: GO.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany