Distributed denial of service attacks, or DDoS attacks, see malicious actors attempt to disrupt a site by overwhelming its infrastructure with a large amount of internet traffic. Because the attack overwhelms the site’s bandwidth, users are prevented from accessing it.
Here, Cyber Security Hub explores why malicious actors launch DDoS attacks, who they usually target and some key examples of these disruptive attacks.
Contents
- Why do malicious actors launch DDoS attacks?
- How big was the largest ever DDoS attack?
- How hacktivists use DDoS attacks to target their opponents
- How DDoS attacks are used to disrupt company operations
- How DDoS attacks are used to target online content creators
Why do malicious actors launch DDoS attacks?
DDoS attacks are launched with the purpose of causing disruption and taking down sites for a prolonged period of time. As they are disruptive, they are often used by malicious actors as a way of attacking specific individuals or companies.
For example, hacktivists may use DDoS attacks against government sites or companies, or malicious actors may launch targeted DDoS attacks as a form of harassment against online content creators. This attack vector can also be used to cause harm to companies as they will be unable to function properly if their website is down.
How big was the largest ever DDoS attack?
On June 1, 2022, Google reported that it had blocked the “largest” DDoS attack on record, which had a peak of 46 million requests per second (rps).
The attack targeted a user of Google’s network security service, Google Cloud Armor, using the authentication and security protocol HTTPS, and lasted 69 minutes. The attack had 5,256 source IPs from 132 countries contributing to it, meaning over 5,000 separate IP addresses were registered as part of the attack.
Google reported that it was the biggest DDoS attack reported to date that used HTTPS traffic to overwhelm a network, also referred to as a Layer 7 DDoS attack. The attack was 76 percent larger than the previous record for a Layer 7 DDoS attack.
In a blog post about the attack, Emil Kiner, senior product manager for Cloud Armor, and Satya Konduru, technical lead, both at Google, noted that the attack was akin to “receiving all the daily requests to Wikipedia…in just 10 seconds”.
How hacktivists use DDoS attacks to target their opponents
Hacktivism describes cyber attacks carried out by malicious actors, known as hacktivists, who are motivated not by monetary gain but by their political views.
Hacktivists use cyber attacks to further their ideology or make political statements. They frequently utilize DDoS attacks to take websites or services offline.
For example, in February, the North Atlantic Treaty Organization (NATO) was the victim of a series of distributed denial of service (DDoS) attacks, causing temporary disruption to some of its sites.
The DDoS attacks were linked to the Russian hacktivist collective Killnet, which posted via an encrypted channel on social media platform Telegram that it was planning to launch the attacks. The group also appeared to ask for cryptocurrency donations to launch further attacks.
Jens Stoltenberg, secretary general of NATO, said that protective measures were deployed in response to the attack.
The Russia-based Killnet hacking collective claimed responsibility for recent DDoS attacks against NATO that disrupted a number of its operations, including a relief program assisting those impacted by the Turkish–Syrian earthquake. https://t.co/gbT87uTj0J
— Jim Geraghty (@jimgeraghty) February 28, 2023
Stoltenberg noted that NATO’s classified networks, which are used to communicate within its command structure and on active missions, were not affected by the DDoS attack. He also said that “the majority of NATO websites were functioning as normal” and that the organization’s technical teams were “working to restore full access”.
Despite Stoltenberg’s assurances that the network was not affected, it was reported that communications between NATO and its Strategic Airlift Capability (SAC) were impacted. The SAC was used as part of NATO’s response to the magnitude 7.8 earthquake that hit Syria and Turkey on February 6 and its subsequent aftershocks, with an aircraft being used to fly search and rescue teams and their equipment to an airbase in Turkey. The SAC’s ability to communicate with the aircraft was allegedly affected by network disruption, although it did not fully lose contact with the plane.
How DDoS attacks are used to disrupt company operations
In February, seven German airports reported being the victim of a series of DDoS attacks.
The attack, which took place on February 16, saw the websites of airports including Dortmund, Nuremberg and Dusseldorf taken offline. Larger German airports, including Munich, Berlin and Frankfurt, were not targeted in the attack.
In a statement, the chief executive of German airport association Flughafenverband ADV said “once again, airports fell victim to large-scale DDoS attacks,” but added that “according to the information we have so far, other systems are not affected”.
German media company Der Spiegel reported that a “Russian hacktivist group” had claimed credit for the attacks.
How DDoS attacks are used to target online content creators
In November 2021, a series of DDoS attacks was launched against those streaming the survival horror game Dead By Daylight.
The huge amount of traffic launched against players’ IP addresses caused them to be unable to stream or even play the game. It also led to some streamers being ‘doxxed’ – having their personal or identifying information posted publicly online – and ‘swatted’ – having false reports of them being a danger to themselves or others submitted to the police, causing armed police officers to forcibly enter their homes.
One such victim of a DDoS attack while streaming Dead By Daylight was streamer and drag queen Elix. Bad actors gained access to her IP address, which they used to disrupt streaming of the game, then used the IP address to find and leak her home address. This was then used to make false reports of violence at the address, which caused Elix’s home to be raided by police, leading to her arrest.
Stay safe ya’ll.
I was being DDOS’d all day yesterday while I only played Dead By Daylight, I am not sure how this person/people got my IP.
Today I got a VPN and updated my IP but the damage was already done, this led to being doxxed while I was live and then swatted. 1/4
— Elix🇲🇽 (@Elix_9) November 10, 2021
Fellow drag queen Eevoh was also the victim of several DDoS attacks while attempting to stream Dead By Daylight. She was a target so frequently that she claimed she was “truly the [number one] DDoS survivor”.
Hey lovelies! Not even 30 min in and I got DDOS’d! I’m truly the #1 DDOS survivor! 🤣
I’m figuring this out and I’ll be back eventually. ♥
— Eevoh (@Eevohhh) November 10, 2021
While the reason behind the Dead By Daylight DDoS attacks was not given, it has been speculated that, given the game’s popularity within the LGBT community and the fact that many of the streamers targeted were LGBT creators, the attacks were motivated by homophobia.
The game’s developer, video game company Behaviour Interactive, told Eurogamer that they were “aware of certain targeted cases of distributed denial of services”, saying that they both “deplore” the attacks and “take [them] extremely seriously”.
Behaviour Interactive said it was investigating the attacks and encouraged any players or streamers to report any DDoS attacks or inappropriate or abusive behavior in the game to the company.