DDoS attacks are getting more common every year. No matter what kind of business you have, for sure you have suffered at least once a Distributed Denial of Service (DDoS) attack. To know what a DDoS attack is, you can read this article.
Those attacks are thanks to the many cyber criminals out there and the growing number of unprotected IoT devices. Performing strong DDoS attacks has become a malicious but profitable business. Let’s show you some of the largest DDoS attacks ever recorded.
By the way, you won’t believe how strong the DDoS attacks have become in 2022!
DDoS attack against Citigroup, PNC Bank, U.S. Bank, Wells Fargo, JP Morgan Chase, Bank of America, 2012
This attack was early proof of how powerful a DDoS attack can be. It brought down not a bank, not two, but six big banks in the USA! The attackers have hijacked hundreds of servers. After that and through a combination of different malicious techniques, they sent traffic enough to shut down these banks. Every attack produced around 60 gigabits per second(Gbps)! This was a scary attack and still, the world soon witnessed even stronger ones!
KrebsOnSecurity.com DDoS attack, 2016
In September, there was a DDoS related to the Mirai botnet. A zombie army of Internet routers, smart light bulbs, digital video recorders, and security cameras was used to execute this attack. The traffic was around 665 Gbps (11 times more in comparison to 2012!), and luckily KrebsOnSecurity’s security managed to resist it.
“Many were garbage Web attack methods that require a legitimate connection between the attacking host and the target, including SYN, GET and POST floods,” noted Krebs.
Do you want to know more about DDoS attack types? Read our dedicated article here.
Dyn DDoS attack, 2016
In October, only a month later, the DNS provider Dyn had a terrible day. Even though the company is quite big and dedicated to these types of matters, their servers went down. This affected all their clients including big brands like Netflix, Twitter, Reddit, Visa, Amazon, and more. The problem was the botnet of IoT called Mirai. It hijacked many connected devices and the attack was amplified to 1.2Tbps* (the number was not confirmed, but it could be double as the previous record!). Around 600,000 IoTs (malicious traffic sources) were involved in the attack. They were sending queries to the Dyn servers with the clear objective of flooding them and shutting them down.
Even back then, it was obvious that IoT devices will bring a lot of trouble!
To know more about the Internet of Things (IoT) and its connection with DDoS attacks, you can read, this article: “IoT and home automation”.
BBC DDoS attack, 2016
On New Year’s Eve, the popular media was attacked by the New World Hacking group. The attack of 620 Gbps caused some downtime. BBC is often a victim of DDoS attacks, they suffered a large one in 2015 as well. There is always somebody who wants to stop the media.
Google DDoS attack, 2017
In this case, it was not an isolated attack but an evil campaign executed for six months. Yes, you read this correctly. Six months of DDoS attack!
Attackers hit strongly Google by sending spoofed data packets to 180,000 connection-less lightweight directory access protocol (CLDAP), domain name system (DNS), and simple mail transfer protocol (SMTP) servers. Criminals used different networks for spoofing 167 million packets per second (PPS). The attack reached a peak of 2.5 terabits per second (Tbps).
This is double more than the previous record from just one year ago! Double!
Massive traffic loads were created, and millions of answers (data packets) per second were sent to thousands of servers owned by Google. The mission was clear, attackers wanted to saturate Google’s servers to shut them down. This campaign attack marked a scary high record for its time.
GitHub DDoS attack, 2018
On the first day of March, GitHub was hit by the largest DDoS attack of its kind yet. At its peak, it was 1.35 Tbps. The type of attack was Memcached. It uses an exploit to amplify the attack massively – 50 times! GitHub was down for about 10 minutes.
No new DDoS high scores, but still a strong attack.
Arbor Networks DDoS attack, 2018
In March, only a few days after GitHub’s attack, the US service provider Arbor Networks was hit by an even larger DDoS attack – 1.7 Tbps. This big number was achieved by exploiting the UDP port 11211. DNS servers use UDP because it is fast, but it lacks verification which makes it vulnerable to IP spoofing. This attack is called Memcached.
Imperva DDoS attack, 2019
This year, the international company dedicated exactly to offering cyber security to its clients was directly challenged by cyber attackers with not one, but two strong DDoS attacks. The type of attack used in both was the SYN flood. Criminals sent SYN packets constantly to every port of the target’s server by using a fake IP address. Process and answering the huge amount of generated requests, of course, can consume very fast the resources of the server. And this was exactly what attackers wanted, to make the whole system unavailable for legit traffic.
The first SYN attack against Imperva’s servers was 500 million data packets per second (DPPS). While the second attack was 580 million DPPS. Both from 800 to 900 bytes. This power made those the largest DDoS attacks (application layer) at that point. The moral of this tale was that fighting against such DDoS attacks was not easy even for this security giant!
Amazon Web Services (AWS) DDoS attack, 2020
Again a big venture was targeted by cybercrime. In mid-February 2020, criminals executed a DDoS attack exploiting a vulnerability linked with the connection-less lightweight directory access protocol (CLDAP). As you see, this protocol is frequently exploited by attackers. The reason is this CLDAP allows a massive amplification of the data sent. Attackers send a query to a CLDAP server using a spoofed IP address. This will make sure that the response will be sent to the target.
The type of attack is already known, but again, what called the attention was the power it reached. The size of the traffic, the criminals generated to take down AWS servers, was massive! Its volume was officially stated, at its highest point, at 2.3 Tbps! Massive traffic! And it only happened a couple of years ago!
Gambling company DDoS attack, 2021
2021 started with a trend, DDoS ransom attacks were hitting worldwide. Yes, extortion was the objective! The attack was executed for months against a client of the Akamai network. In March 2021, the attack reached a peak of traffic of 800+ Gbps. Akamai, the international tech and cybersecurity company, was the one fighting the attack against the gambling company. The official information provided by Akamai said it was through the datagram congestion control protocol (DCCP) that criminals enabled the attack. It became a volumetric attack capable of bypassing the standard UDP and TCP traffic defences.
Cloudflare DDoS attack, 2021
In November of 2021, Cloudfare fought back a DDoS attack that reached close to 2 Tbps (highest peak). Cloudflare informed that behind this attack there were 15,000 bots approximately, executing a variant of the original Mirai code. They were mostly IoT (Internet of Things) devices and unpatched GitLab instances. The company said the attack lasted almost a minute but it was one of the largest they have seen. It was described as a multi-vector attack in which criminals added a combination of UDP floods with DNS amplification.
So you can see IoT devices will be a constant threat to cybersecurity.
Asian Microsoft Azure’s client DDoS attack, 2021
Again in November, Microsoft revealed its Azure DDoS protection platform fought a huge 3.47 Tbps DDoS attack with a packet rate of 340 million packets per second (PPS).
This is still the largest DDoS attack ever, with 38.8% stronger traffic than the previous record!
The victim was an Azure client from Asia. The attack was coming from around 10,000 sources (connected devices) located in multiple countries like China, Russia, the United States, South Korea, Taiwan, India, Iran, Indonesia, Vietnam, and Thailand. It lasted 15 minutes and it used multiple vectors for UDP reflection on port 80, like the SSDP, DNS, NTP, and CLDAP protocols.
UDP reflection attack works through UDP query and response packets reflected within a network using a spoofed IP address.
Chinese telecommunications company DDoS attack, 2022
It was in June of 2022 when a Chinese telecommunications venture was attacked. Imperva, their defender, faced a battle against over 25.3 billion requests to defend its client. The attack lasted more than four hours and registered 3.9 million requests per second (RPS) at its highest peak, with an average rate of 1.8 million RPS.
Criminals attacked through HTTP/2 multiplexing or combining multiple packets into one for sending many requests simultaneously over individual connections. The attack included a botnet integrated by around 170,000 different IP addresses of security cameras, routers, and compromised servers located in approximately, 180 countries. No doubt, it was an evil but effective plan, hard to be mitigated. Imperva handled it but it was another big challenge for the company.
Cloudflare’s client DDoS attack, 2022
Also in June of 2022, Cloudflare had to deal with a 26 million request per second DDoS beast! Another record for the largest DDoS attack of this type was established by the dark cyber side. The target was a Cloudflare client. Based on the company report, criminals attacked through HTTPS and used hijacked virtual machines, powerful servers, and a small but effective botnet integrated by around 5,067 devices. Considering average numbers, every node produced a peak of 5,200 RPS.
No matter the size of the botnet (not the biggest compared with really large ones), the use of servers and virtual machines allowed criminals to boost highly the power of the attack. In less than 30 seconds, the botnet achieved more than 212 million HTTPS queries from over 1,500 networks in 121 countries. Russia, Indonesia, Brazil, United States were at top of the list.
This was not an easy or common attack to deploy and mitigate. Criminals in the past had abused the unencrypted HTTP, but to do this using the HTTPS required more and better computational resources.
If you have questions about the DDoS attacks, find the answers here.
Wynncraft DDoS attack, 2022
Cloudflare has been very busy! This time the company had to fight back a 2.5 Tbps DDoS attack. The victim was its client Wynncraft, one of the largest Minecraft servers. It was a multi-vector attack that used TCP, UDP floods, and a Mirai botnet variant. It lasted two minutes and was considered by Cloudflare, the largest DDoS attack based on the bitrate, against them. The attack could have been tragic for the thousands of gamers that play on the same server and for Minecraft’s reputation. But it was successfully mitigated.
Google Cloud DDoS attack, 2022
This time, a client of Google Cloud Armor was the target. The company informed the detection and mitigation of a series of HTTPS DDoS that reached a peak of 46 million requests per second! This means it was 76.9% larger than the recently reported DDoS attack (Cloudflare) of 26 million RPS. So, the biggest RPS DDoS up to date. Google’s Cloud division stated it this way:
“To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia in just 10 seconds,” said a Google employee. Wikipedia is ranked among the top ten websites with high traffic globally.
The attack used 5,256 sources (IP addresses), located in 132 different countries. It lasted 69 minutes and became the largest DDoS attack (Layer 7). Engineers in charge of its mitigation, said, first they detected more than 10,000 RPS. In 8 minutes, it grew up to 100,000 RPS and only 2 minutes later, the attack reached the scary peak of 46 million RPS.
Google’s diagnosis pointed out that the characteristics of the assault matched with the Meris type of attacks.
What the largest DDoS attacks clearly show is that they are not only a constant threat but also more powerful every day. How many times in recent history we have heard “this is the largest DDoS attack ever”? But reality points out that only with months, even weeks, of difference, there’s a new and stronger attack.
And you know, DDoS attacks mean painful and costly consequences. From downtime to financial loss and damages to your business reputation.
If at this point, you still wonder, “Are we safe from DDoS?”, we can directly say, no. We are not unless we take effective security measures.
Yes, there are different choices to protect your online business. You can, for instance, choose DNS Protection. Thanks to it you can reduce a lot of the traffic by filtering it and load balancing it on different servers. This way your servers can withstand most of the DDoS attacks and your clients won’t be left without a service.
Keep your business safe and resist even monstrocious DDoS attacks of above 2 Tbps with Neterra DDoS Protection.
You can learn more about Neterra DDoS protection here.
Just remember this, the biggest DDoS attack of 2012 was 60 Gbps and now is 3.47 Tbps. This is a 5683.3% increase in a decade!
This list was updated in late 2022. Since there are millions of DDoS attacks every year, we are going to update it often.