World's Largest DDoS Attack Breaks Records, Clocks At Massive 500 Gbps
In its latest Worldwide Infrastructure Security Report, Arbor Networks reports on the biggest distributed denial of service attack, which had a whopping load of 500 Gbps.
The previous largest DDoS attack measured "only" 300 Gbps. It involved young aspiring hacker Seth Nolan-McDonagh, who temporarily took down Spamhaus' webpage.
In some cases, the attacks are carried out by state-funded organizations instead of individuals. Last year, GitHub went down after it suffered a DDoS attack, and the main suspect was China, which has a tumultuous history with the software repository. The programming website was even blocked by the Chinese authorities for a short amount of time.
The yearly Arbor survey uses data from hosts, mobile service providers and service providers. The survey, which ran until November 2015, bases its results on the 354 global participants who answered questions on network safety, specifically about protocols used for reflection/amplification.
"The largest attack reported by a respondent this year was 500Gbps, with other respondents reporting attacks of 450Gbps, 425Gbps, and 337Gbps," the report states [pdf].
This marks a worrying trend among top-end size DDoS attacks, which get more ambitious every year.
The security firm has the numbers to back this statement up.
In the previous report, Arbor discovered that one-fifth of respondents got slammed with attacks that topped 50 Gbps. This year's survey shows a hefty increase, as a quarter of respondents reported attacks of more than 100 Gbps.
While only five respondents found evidence of DDoS attacks topping 200 Gbps, there were many reports of attacks between 100 and 200 Gbps.
Arbor Networks points out that cloud-based services are increasingly becoming tempting targets, as they now make up 33 percent of attacks.
Another staple of last year's hacking attempts is the exploitation of weaknesses in the Network Time Protocol (NTP). Reflection and amplification attacks can easily make use of the soft spots in the security infrastructure, leading to significant damage.
As a countermeasure, servers keep receiving updates and security patches that should (in theory) keep them safe from attackers who elicit a large response to a small query and direct it at a target of their choosing.
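A victim-side check for the reflected NTP traffic described above, as an added example that is not from the Arbor report or this article: it flags hosts that receive NTP responses (UDP source port 123) from many servers they never queried. The flow-record layout, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

NTP_PORT = 123  # UDP port used by the Network Time Protocol

# Constructed sample flow records (not real traffic):
# (proto, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # Normal time sync: 10.0.0.5 queries a server and gets a similar-sized answer.
    ("udp", "10.0.0.5", 40001, "192.0.2.10", NTP_PORT, 76),
    ("udp", "192.0.2.10", NTP_PORT, "10.0.0.5", 40001, 76),
    # One stray unsolicited reply: below the thresholds, so not flagged.
    ("udp", "203.0.113.9", NTP_PORT, "10.0.0.5", 40002, 76),
]
# Reflected traffic: five servers send large "answers" to 10.0.0.80,
# which never sent any of them a query.
SAMPLE_FLOWS += [
    ("udp", f"198.51.100.{i}", NTP_PORT, "10.0.0.80", 80, 4400)
    for i in range(1, 6)
]


def find_reflection_victims(flows, min_reflectors=3, min_bytes=10_000):
    """Return {host: {"reflectors": n, "bytes": total}} for hosts receiving
    unsolicited NTP responses from at least min_reflectors distinct servers."""
    # Pass 1: record every (client, server) pair where the client sent a query.
    # Two passes make the result independent of record ordering.
    queried = set()
    for proto, src, _sport, dst, dport, _size in flows:
        if proto == "udp" and dport == NTP_PORT:
            queried.add((src, dst))

    # Pass 2: an NTP response with no matching query is unsolicited.
    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for proto, src, sport, dst, _dport, size in flows:
        if proto == "udp" and sport == NTP_PORT and (dst, src) not in queried:
            stats[dst]["reflectors"].add(src)
            stats[dst]["bytes"] += size

    return {
        host: {"reflectors": len(s["reflectors"]), "bytes": s["bytes"]}
        for host, s in stats.items()
        if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    print(find_reflection_victims(SAMPLE_FLOWS))
```

The spoofed queries themselves are only visible at the reflecting servers, so this check sees just the response side of the exchange.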
"[S]ecurity is a human endeavor and there are skilled adversaries on both sides," Darren Anstee, chief security technologist at Arbor Networks, says.
An interesting shift exists in the DDoS attackers' motivation: the perpetrators no longer seem to find joy in hacktivism or vandalism.
Unlike in previous years, extorting the victims and banking on the vulnerabilities of network systems now seem to be the prevalent reasons. In order to accomplish this, attackers use multi-vector simultaneous attacks which plow through applications, services and infrastructure.
A vast majority of respondents identified application-layer DDoS attacks, which targeted DNS services instead of Web servers. Looking at the larger picture, multi-vector attacks accounted for 56 percent of customer outages, up from 42 percent in the previous year.
More than 50 percent of the respondents told Arbor that DDoS attacks go after the inline firewalls and bring down internet connectivity. Arbor explains that these devices are the first to fall in case of a DDoS attack and underlines that being inline can greatly add to network latency.