Posted on October 28, 2020 at 9:27 AM
Distributed Denial of Service attacks, commonly known as DDoS attacks, have been on a sharp rise in recent years. Back in 2019, experts predicted that these attacks would double over the next couple of years, and so far, these predictions have definitely come to pass.
In fact, the first half of 2020 brought a 151% increase in the number of DDoS attacks when compared to the same period of the year before. That brought the number of attacks during this period to 4.83 million. Not only is the number of attacks increasing, but some of those that took place in 2020 were among the largest ever seen.
Today, we will list 10 of the biggest DDoS attacks in 2020, and see who they were targeting, and how effective these incidents ended up being.
The largest DDoS attacks in 2020
1) The attack on Amazon
As mentioned, this year saw the largest DDoS attack in history, and it was directed against Amazon. The company sustained a 2.3 Tbps attack earlier this year, in February. The most impressive thing about the attack is that Amazon actually managed to fend it off.
According to Amazon, AWS Shield — the firm’s managed threat protection service — managed to observe and mitigate the attack on February 17th. The volume was previously unseen, and even Amazon itself confirmed that.
In fact, the company noted that this was approximately 44% larger than any attack that was previously launched against Amazon Web Services. The attack caused “3 days of elevated threat during a single week in February 2020 before subsiding,” as the report states.
It was rather fortunate that Amazon came out of this incident as the victor, as such an attack would otherwise have seriously damaged the company. Instead, Amazon managed to mitigate it and preserve not only its systems but its reputation as well.
In other words, the largest DDoS attack in history — failed.
2) Neustar mitigated a 1.17 Tbps attack
Another massive attack that took place in 2020 was the largest one that Neustar ever mitigated, at 1.17 Tbps. This was a CLDAP-based attack that also took place in the first half of this year, right at the time when the COVID-19 pandemic spread throughout the world.
This one lasted for around five days and 18 hours, and it only confirmed the company’s claims that network-type attacks on companies that are relying more on the internet continue to grow in number, volume, and intensity.
With the pandemic still forcing firms to have their employees work remotely, similar attacks are likely to continue to happen, and indeed, other notable attacks have also already happened.
3) Attack on Chinese gambling site
Another attack that attracted a lot of attention took place in July, and was reported by Imperva Research Labs. This was an application layer (layer 7) attack, which hit a Chinese gambling website.
According to reports, the attack originated from 851 different IPs, although it lasted less than 10 minutes.
However, the number of requests sent during this time is quite astounding, reaching 689,000 per second when the attack was at its strongest point.
Naturally, such a high intensity of the attack quickly managed to overwhelm the servers, and the gambling site came to a halt rather quickly.
4) Another July attack targets India
Imperva actually recorded another major attack in July 2020, only this one was directed against a target in India. The reports explained that this was a massive network layer (layers 3 and 4) attack, which managed to reach 398 Gbps when it reached its peak.
One notable detail regarding the attack is that it was made up of a SYN flood in which the majority (76%) of packets were somewhere between 0 and 100 bytes. However, it was augmented by a large SYN flood, which made up the remaining 24%.
These packets sat between 100 and 900 bytes each. The size and intensity of both July attacks recorded by Imperva make them rather exceptional, although they are only an extension of a trend that simply continues to rise, without any sign of stopping, or even slowing down.
5) DDoS attacks hit NZ stock exchange
Less than two months ago, a New Zealand stock exchange suffered its own DDoS attack. In fact, it was hit with an entire series of attacks, which knocked the exchange offline for two days in a row.
The first attack hit on Tuesday, August 25th, and the exchange believes that it came from overseas. The attack impacted the NZX system connectivity, according to reports at the time. That includes its websites, as well as the Markets Announcement Platform.
The exchange was forced to halt trading at 15:57, local time. However, it managed to resume normal services within an hour of the impact.
The second attack followed the next day. The attack hit on Wednesday morning, around 11:24 local time, and the exchange’s trading in cash markets had to stop for the second time. Once again, the attack impacted the exchange’s websites and the Markets Announcement Platform. However, trading on the NZX Main Board, Fonterra Shareholders Market, and NZX Debt Market was quickly returned to normal, around 3 pm.
6) A hit on HHS
Back in mid-March, as the COVID-19 pandemic first became a worldwide issue, the US Health and Human Services Department suffered a major cyber-attack on its computer system. At the time, reports claimed that the incident was a part of a campaign of disruption and disinformation.
Remember, this was when coronavirus first went global. People were engaging in panic-shopping and seeking any bit of information that would help them protect themselves from the new disease.
Hitting the HHS Department seemed like a clear attempt to undermine the response to the pandemic, and reports claimed that it may have been the work of foreign actors.
The attack was seemingly unsuccessful, as the HHS Secretary, Alex Azar, claimed that there was no penetration into the networks. However, the attack was seemingly quite severe, and it involved attempts to overload the HHS servers with millions of hits over several hours.
In response to the attack, the agency put extra protections in place in order to ensure its availability during the pandemic. Naturally, the HHS cybersecurity experts continued to carefully monitor all traffic in order to spot another attempt as early as possible, in case hackers tried to take down the network again.
7) Paris hospitals hit by DDoS
Another DDoS attack hit a major hospital group in Paris only days after the attempt to take down the US HHS. The attack was successful enough to prevent employees from accessing their home work programs, as well as their email.
The attack targeted Assistance Publique-Hôpitaux de Paris (APHP) — a group that includes as many as 44 different hospitals in and around Paris. As you can imagine, these hospitals were extremely busy with COVID-19 victims, as there were around 665 patients placed in intensive care at the time of the incident.
Naturally, with the hospitals already overwhelmed with coronavirus patients, the attack did even more damage than it usually would. The move once again proved that attackers would use any opportunity they can get to do as much damage as they can, and take advantage of the situation surrounding 2020.
8) Hitting the food delivery industry
Two different food delivery services, one in Germany (Lieferando) and another in the Netherlands (Thuisbezorgd), were attacked next.
These two found themselves in very awkward situations, as the attacks on both were successful. However, they did not knock the services’ websites down completely, and so both companies ended up being able to accept orders and charge users for them, but unable to process them.
This meant that they had to return the customers’ money.
Another interesting development is that attackers who targeted Lieferando actually got in contact with the company. They demanded money in order to stop their attack, which is usually something that happens during ransomware attacks.
As you may know, ransomware users encrypt their victims’ files, and demand money in exchange for the decryption key. This time, however, DDoS attackers tried to do the same, and they wanted 2 BTC in order to stop their attacks. At the time, Bitcoin’s price was rather low due to the mid-March price crash, caused by COVID-19 fears, which led to an economic meltdown. In total, the price of 2 BTC back then was a little over $13,000.
9) School’s out in Germany
Another attack that hit Germany focused on Mebis, a remote learning platform that was used by the country’s teachers and professors to get in contact and continue educating their students during the pandemic.
Not only that, but the platform suffered the attack on the very first ‘remote school’ day.
However, the platform was able to recover and return after only a few hours, so the schools were capable of continuing remote education after that, with all features functioning properly.
10) DDoS interrupts amendments voting in Russia
Russia is often connected to hacking attacks in all kinds of reports from all over the world, but this June, the country suffered quite a notable attack itself.
At the time, Russia hosted a multi-day vote on amendments to its constitution. The preparations for the vote were, unfortunately, interrupted by the hackers, who conducted a powerful DDoS attack.
Only a day after the voting started, the country’s Central Election Commission announced that it was under attack. Immediately after the attack ended, another one hit the online voting service itself.
However, officials claimed that the operation was not disrupted in any way. There were occasional outages that the online voting service experienced at the beginning, although this was apparently not related to the attack at all.
Instead, the outages were the result of the system being unable to handle even the legitimate traffic.
However, that was not all, as the attackers also moved on to try and take down the constitution information website. This took place on June 28th, and the Central Election Commission’s spokesperson revealed that the CEC managed to identify the origin of the attacks.
According to the spokesperson, the website was hit by traffic from Singapore and Great Britain.
As mentioned, 2020 was absolutely flooded with all kinds of DDoS attacks, with countless smaller ones, and quite a few large ones. The first two we mentioned were even record-breaking, when compared to the attacks that were seen in previous years.
In other words, it is very likely that these kinds of attacks will continue to grow in years to come, as predicted, despite efforts to shut down websites that offer DDoS as a service.
These efforts have been a major focus of various government agencies for years now, and there were multiple successful cases when such operations bore fruit. However, these services continue to emerge, and there is also no lack of hackers that are taking over users’ devices in order to form new botnets and use them for nefarious purposes — whether to offer them to those who might want to use them, or to use them themselves.