Lists for PR – sample of Ten Notable DDoS Attacks in 2018

Lists are easy to digest and popular with readers, so we often use them as a PR tactic. Rather than give you advice on how to write a list, we wanted to share a sample list with you, as an example of good practice.

This type of list can be used on a company’s blog, an individual’s LinkedIn Pulse or sent out to journalists…

Good lists have detail but are not super long. We like using images and videos, good sub-heads, and often titles like Top Ten. If there’s a link to the client site within a strong call to action, that’s useful.

We work for cyber security firms, so decided to write a list on DDoS attacks in 2018. Enjoy.

Distributed denial of service (DDoS) attacks attempt to compromise or shut down their target by overwhelming servers with a flood of data. It’s as simple as that. If the target can cope with increased traffic, it survives. If not, service is disrupted.

There are, however, many ways the attack can be delivered, from many thousands of compromised devices (such as an IoT-based attack), to just a few sources using a reflection technique (where vulnerable servers are tricked into multiplying the data which is then directed at the target).

There are also many different motivations for DDoS attacks, including political hacktivism, revenge, extortion, and simple commercial competition. Whatever their causes, here are 10 of 2018’s most noteworthy DDoS attacks.

10) Business Wire Under Sustained Attack

When: January-February 2018

The target: Business Wire

The motive: not known

Peak attack bandwidth: not known

The global news and press release network Business Wire came under attack starting January 31st last year, and the attacks continued for nearly a week. The attack, described as ‘directed and persistent’, did not compromise Business Wire’s distribution network or customer data, but did create a noticeable slowdown on its website.

The attack seems to have been determined enough to prompt Business Wire into seeking outside help, with COO Richard DeLeo reassuring customers that his team and ‘outside partners’ were working together to resolve the issue. The attack was neither claimed nor traced to a specific perpetrator, and the motive for this DDoS remains unknown – which is unusual for such a sustained and persistent attack.

9) Blizzard’s Online Games Disrupted

When: July 2018

The target: Blizzard’s Battle.net online services

The motive: not known

Peak attack bandwidth: not known

In July 2018, a DDoS attack against the servers and providers of Blizzard online games including Overwatch, Heroes of the Storm, World of Warcraft and others caused problems for gamers. Some suffered severe lag, while others could not log on.

This was an attack against the games rather than against Blizzard. Such attacks are not uncommon, and there are numerous motives. Extortion is a favourite. Gaming companies stand to lose a lot of money if their games are unavailable, and criminals believe they can extract a ransom from the company. Less provable motives sometimes suggested are rival companies seeking to disrupt more popular games, and disgruntled users seeking revenge and hiring a DDoS botnet.

It has even been suggested that this ‘attack’ was a marketing ploy to draw attention ahead of the imminent release of the new Battle for Azeroth expansion for World of Warcraft – which seems unlikely. No details on attack bandwidth or possible culprit are known.

8) RWE Attacked by Anonymous

When: September 2018

The target: The German energy company RWE

The motive: hacktivism

Peak attack bandwidth: not known

Last September, German energy company RWE suffered a DDoS attack which succeeded in taking its website offline for at least several days. The company filed a police report against the attack, though at first there were no leads on the perpetrator – who turned out to be Anonymous.

This was a politically-motivated DDoS attack rather than a financial or technical one. The attack came amid real-life protests against RWE’s ongoing coal-mining expansion in Hambach Forest. Anonymous claimed the attack in a YouTube video, threatening ‘economic damage’ if RWE proceeded with the plans.

7) The Biggest DDoS Attacks in Cambodian History

When: November 2018

The target: Various Cambodia-based ISPs

The motive: not known

Peak attack bandwidth: not known

Cambodian internet service providers EZECOM, SINET, Telcotech and Digi became victims of a short, intense spate of DDoS attacks in November last year. They were noted as the largest DDoS attacks in Cambodia to date, and caused widespread instability and slowdown for users of the internet services.

EZECOM announced at the time, “Huge volumes of attacking traffic were pushed into Cambodian ISPs data networks. It is the largest attack of its type to date, effectively jamming traffic and slowing down the experience for customers.”

No group came forward to claim these attacks, and with no damage to the victims except service disruption and minor loss of reputation, the motive remains unclear. It has been suggested, based on events in Liberia in 2016, that the attacks could be some form of corporate espionage, but this conjecture is unconfirmed. DDoS attacks are sometimes used to hide other malicious attacks by tying the hands of incident responders.

6) #Tangodown on Banco de España

When: August 2018

The target: Banco de España

The motive: hacktivism

Peak attack bandwidth: not known

In an earlier, but more significant, example of an Anonymous-claimed, politically-motivated DDoS attack, Spain’s central bank was hit by an attack that disrupted services for two days in August 2018. The bank claimed that core services were not affected, and there was no sign of any data breach connected to the attack.

Once again, Anonymous claimed responsibility for this attack, this time in protest of the political situation in Catalonia and the arrests of several prominent Catalonian figures. Anonymous used the #Tangodown hashtag to claim the DDoS, and announced plans to target Spanish government websites in the future.

The method used to attack the bank is not known – but it is worth noting that anyone with access to the dark web, which Anonymous certainly has, can purchase a DDoS attack for as little as $10 per hour.

5) IOTA Attack Disguises Crypto-heist

When: January 2018

The target: The IOTA cryptocurrency

The motive: Financial gain

Peak attack bandwidth: not known

IOTA is a non-blockchain cryptocurrency based around the Internet of Things. As part of IOTA’s design, users are required to provide their own random number seeds, rather than automatically generating one as other cryptocurrencies do. In January 2018, this was exploited when some users used malicious online seed generators, giving attackers full access to their wallets. It is estimated that “at least $3.94m worth of IOTA was stolen” as a result of this. This rose to $11 million throughout 2018, but as of January 2019 the funds have now been recovered.

It was later claimed that a DDoS attack was run against the most prominent IOTA fullnodes while this crypto-heist was in progress. It was reported that the DDoS attack prevented the victims from rescuing their funds. At times, users couldn’t find a single public node to log into and move funds before the attackers did so.

The DDoS was a vital part of the plan, as it locked out users from logging in and trying to rescue their funds. With legitimate users shut out as part of the DDoS, none of the cryptocurrency could be moved or secured, making sure the hackers could take it at their leisure.

4) Dutch Financial Sector Attacked Repeatedly

When: January, then May 2018

The target: Several Netherlands banks, plus the revenue service

The motive: A teenager proving a point (claimed)

Peak attack bandwidth: >30 GBPS

Financial organizations in the Netherlands took quite a pummeling from DDoS attacks in 2018. Early in the year, at the end of January, the banks ABN Amro, Rabobank and ING, as well as governmental tax and revenue services were attacked. The attacks were initially suspected to be linked to Russian cybercriminals, but some at least were eventually found to be the work of a single Dutch teenager. The motive for these attacks was just to prove that he could, and ‘because it is funny’.

However, Recorded Future reported that at least one of the January attacks was the first use of a new DDoS botnet known as Reaper or IoTroop. It said it was a limited attack with a low bandwidth of around 30 GBPS.

These attacks were followed up in May, with a short spate of DDoS attacks again targeting ABN Amro and Rabobank, disrupting services. This time, neither a culprit nor a motive was discovered, but the attacks were similar in magnitude. The banks’ websites experienced some downtime, but no severe compromise to their service or to customers’ data.

3) ProtonMail: An Escalating Quarrel

When: June 2018

The target: ProtonMail

The motive: A hacking group’s chagrin

Peak attack bandwidth: 500 GBPS

Any large-scale service provider of any kind is likely to deal with almost constant DDoS attacks. Defense and mitigation technology is fortunately strong enough that in most cases, the effects of these attacks are never felt. In June 2018, the encrypted email service ProtonMail suffered a DDoS attack which caused intermittent outages across several hours. Each outage only lasted a few minutes, but this can be very disruptive for email services.

The attack was claimed by the hacking group Apophis Squad, who were probably motivated by a tweet from Bart Butler, CTO of ProtonMail, who goaded the group over a smaller, less consequential attack. The subsequent sustained DDoS campaign continued for months, but there was apparently no outage of greater magnitude than 10 minutes. A British 19-year-old connected with the group was arrested in September.

2) GitHub Attack Breaks World Record

When: February 2018

The target: GitHub

The motive: Most likely a malicious proof of concept

Peak attack bandwidth: 1.35 TBPS

Before February 2018, the largest ever DDoS attack had taken place in 2016. The hosting company OVH was targeted by a DDoS campaign which took advantage of vulnerabilities in IoT devices to amplify its power. Using this technique, OVH was assailed by up to 1.1 terabytes of data per second at the attack’s peak.

In February last year, similar amplification attacks were used, this time exploiting a vulnerability in the Memcached optimization protocol. We’ve discussed this “Memcrashed” style of attack in a previous blog.

The code repository site GitHub was the subject of this attack, which broke the previous record by reaching a peak of 1.35 Tbps. Although GitHub suffered no prolonged downtime as a result of the attack, it was still the largest volume of traffic anyone had been able to leverage in a DDoS attack.

1) Arbor Networks Confirms an Even Larger Attack

When: March 2018

The target: Unnamed

The motive: Unknown

Peak attack bandwidth: 1.7 TBPS

How can anything top a new world record in DDoS attacks? In this case, an attack that breaks that record less than a week later. Very soon after the GitHub attack was confirmed, Arbor Networks published a confirmation of a new, ongoing DDoS attack, this one reaching 1.7 Tbps. This attack exploited the same Memcached vulnerability and used the same reflection and amplification techniques as the GitHub attack.

The target of the attack was not explicitly named, only being called ‘a customer of a U.S. based Service Provider’ in the blog confirming the attack. This leaves the largest DDoS attack of 2018 – and the largest attack the world has seen so far – with more unknowns than any other in this list. Whether this DDoS was financially or politically motivated, or simply a malicious proof of concept exploit, it currently stands as the most significant DDoS in 2018 and in history.
