The largest DDoS attacks of the first half of 2020
We continue to acquaint you with the consequences of cybercriminals' activity. As was said in ancient times, Praemonitus, praemunitus: forewarned is forearmed. Only by knowing what the enemy looks like can you prepare to meet him.
Today I want to talk about the large DDoS (distributed denial-of-service) attacks of the first half of 2020.
On 21 June, Cloudflare was subjected to a high-volume DDoS attack whose rate reached 754 million packets per second. The attack lasted four days, from June 18 to June 21: attack traffic was sent from more than 316,000 IP addresses to a single Cloudflare IP address, which was mainly used for websites on the free plan.
During these four days the attack used a combination of three TCP attack vectors: SYN floods, ACK floods and SYN-ACK floods. The attack sustained rates above 400-600 million packets per second for several hours and several times peaked above 700 million packets per second, with a maximum of 754 million packets per second. The attackers tried to overwhelm the data center's routers and devices with a high packet rate.
Cloudflare representatives stated that they were able to repel this attack, although, according to some reports, it may have been only a diversion for large-scale data theft or a test ahead of an attack in a few days.
Cloudflare is an American company that provides CDN services, protection against DDoS attacks, secure access to resources and DNS servers. Cloudflare's services work as a reverse proxy for a website.
Director: Matthew Prince (2009)
Income: USD 287 million (2019)
Headquarters: San Francisco, CA, USA
Date of establishment: July 2009, San Francisco, CA, USA
Founders: Matthew Prince, Lee Holloway, Michelle Zatlin
Also on 21 June, Akamai mitigated the largest PPS (packets per second) DDoS attack ever recorded on its platform. The attack generated 809 Mpps (million packets per second), and the target was a large European bank. According to company representatives, this is a new industry record for PPS-focused attacks.
A distinctive feature of this attack was the explosive growth in the number of source IP addresses. This suggests that the traffic was highly distributed; moreover, besides the sheer number of addresses, almost all of the traffic came from sources that had not taken part in attacks before 2020, which signals the emergence of a new botnet.
Unusually, 96.2% of the source IP addresses were seen for the first time (or at least had not been tracked as part of attacks in recent history). Experts observed several different attack vectors coming from the remaining 3.8% of source IP addresses, both matching the single attack vector seen in this attack and coordinated with others. In this case, most of the source IP addresses were identified within major Internet service providers, which means compromised end-user computers.
The attack on June 21 was notable not only for its size but also for the speed with which it reached its peak. It grew from normal traffic levels to 418 GB/s almost instantly and reached its peak of 809 Mpps in about two minutes. In total, the attack lasted almost 10 minutes.
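As an added illustration (not from Akamai or the original article), the sketch below profiles a traffic window for the traits described above: a packet-rate-focused flood of small packets, a fast ramp to peak, and a high share of never-before-seen source IPs. The bucket data, the `KNOWN` source history, and the 128-byte and 10x-baseline thresholds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bucket:
    t: int              # seconds since capture start
    packets: int        # packets counted in this 1-second bucket
    octets: int         # bytes counted in this 1-second bucket
    sources: frozenset  # source IPs observed in this bucket

def avg_packet_bytes(bits_per_s, packets_per_s):
    """Mean packet size implied by a bit rate and a packet rate."""
    return bits_per_s / 8 / packets_per_s

def profile(buckets, known_sources, baseline_pps, small_packet=128, ramp_factor=10):
    """Summarise a window; thresholds are illustrative assumptions, not Akamai's."""
    # Onset: first bucket whose packet rate exceeds ramp_factor x the normal level.
    onset = next((b for b in buckets if b.packets > ramp_factor * baseline_pps), None)
    if onset is None:
        return None  # nothing that looks like a flood in this window
    peak = max(buckets, key=lambda b: b.packets)
    seen = frozenset().union(*(b.sources for b in buckets if b.t >= onset.t))
    size = avg_packet_bytes(peak.octets * 8, peak.packets)
    return {
        "peak_pps": peak.packets,
        "peak_bps": peak.octets * 8,
        "avg_packet_bytes": size,
        # Small packets at a high rate stress per-packet processing, not link capacity.
        "kind": "pps-focused" if size <= small_packet else "bandwidth-focused",
        "ramp_seconds": peak.t - onset.t,
        "first_seen_ratio": len(seen - known_sources) / len(seen),
    }

# Constructed sample: documentation-range IPs, 1,000 pps of normal traffic.
KNOWN = frozenset({"198.51.100.1", "198.51.100.2", "203.0.113.9"})
FLOOD = frozenset(f"192.0.2.{i}" for i in range(1, 25)) | {"203.0.113.9"}
SAMPLE = [
    Bucket(0, 1_000, 600_000, frozenset({"198.51.100.1", "198.51.100.2"})),
    Bucket(1, 50_000, 3_200_000, FLOOD),
    Bucket(2, 400_000, 25_600_000, FLOOD),
    Bucket(3, 800_000, 51_200_000, FLOOD),
    Bucket(4, 700_000, 44_800_000, FLOOD),
]

if __name__ == "__main__":
    print(profile(SAMPLE, KNOWN, baseline_pps=1_000))
    # Figures quoted on this page: 418 Gbit/sec at 809 Mpps.
    print(round(avg_packet_bytes(418e9, 809e6), 1), "bytes per packet on average")
```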
Akamai Technologies is a provider of website acceleration services and of content and application delivery platforms. It uses 240,000 geographically distributed servers to speed up delivery of content to visitors.
Headquarters: Cambridge, MA, USA
Income: 2.894 billion USD (2019)
Date of establishment: 1998
Director: Frank Thomson Leighton (1 Jan. 2013)
Founders: Frank Thomson Leighton, Daniel Lewin, Randall Kaplan, Jonathan Selig
Earlier, Amazon AWS Shield mitigated an attack with a volume of 2.3 TB/sec. Against that, the 418 Gbit/sec attack on Akamai does not look so grand, but keep in mind that these are different types of attack: the previous record for a PPS attack was only 293.1 million packets per second, which is 2.7 times smaller than the Akamai incident.
The AWS Shield Threat Landscape Report gave no information about which AWS customer this attack targeted, but mentioned that the DDoS was carried out using compromised CLDAP web servers. The reflection attack lasted three days before fading.
Amazon is an American company, the world's largest e-commerce and public cloud computing platform by revenue and market capitalization.
Founder: Jeff Bezos
Date of establishment: July 5, 1994, Bellevue, Washington, United States
Director: Jeff Bezos (May 1996)
Headquarters: Seattle, WA, USA
Income: 280.522 billion USD (2019)
2020 has passed under the banner of the fight against the COVID-19 coronavirus epidemic, which has affected working methods and business communication between users as well as the targets and methods of attacks by cybercriminals.
Because of increased use of delivery services, educational platforms, game servers and remote communication tools, and increased interest in medical information resources, the focus of network attacks has shifted.
In particular, in March there was an attempt to block the work of the US Department of Health and Human Services (HHS) by, as the department's representatives colorfully put it, online thugs. Fortunately, in preparation for its response to the epidemic, HHS had installed extra protection and added capacity to its resources to prevent disruptions.
Also in March, the Paris hospital network Assistance Publique-Hôpitaux de Paris (APHP), which consists of 44 institutions, came under attack. Some systems were unavailable for hours, which inconvenienced staff, in particular employees working remotely, but in this case the attack was repelled.
The meal delivery service Takeaway.com (Lieferando.de) was less fortunate: the criminals attacked at a time when the number of orders had increased sharply. The service could still accept orders, but the distributed denial-of-service attack on the website prevented it from processing them. To stop the siege, the criminals demanded 2 bitcoins. Jitse Groen, founder and CEO of Takeaway, then published a post on Twitter with a screenshot of their message.
The attackers were not paid a ransom, but because of the size of the delivery network, which covers more than fifteen thousand restaurants in Germany, the consequences of the DDoS attack were significant for customers, for restaurant owners and for the service itself. Lieferando also had to compensate users for orders that were paid for but not fulfilled.
The Dutch delivery service Thuisbezorgd was in the same situation.
In March there was also a DDoS attack on Mebis, the German online platform intended for online education of Bavarian schoolchildren.
On the first day of the transition to distance learning, hundreds of thousands of automated page views took the website down for a few hours.
Problems were also observed on gaming platforms such as Blizzard and the multiplayer game EVE Online; the latter was especially unlucky, spending nine days under the onslaught of a DDoS attack.
In January, Wargaming's servers were subjected to a prolonged DDoS attack. Players of World of Tanks, World of Warships and World of Warplanes had login problems and were disconnected from the servers.
The servers of Greek government bodies were also attacked, which took down the websites of ministries, emergency services and even the country's police.
According to the FBI, a US voter registration website was attacked in February. The hackers used a pseudo-random subdomain (PRSD) attack technique; the queries occurred over at least one month at intervals of about two hours, and the request rate peaked at about 200,000 DNS queries.
This list of attacks is far from complete, but not all of them deserve a mention, and we understand that in some cases companies may use DDoS as a cover to hide their own incompetence in supporting an increased number of users, having failed to provide additional capacity in their equipment and services.