One Year after the Largest DDoS Attack

It’s been a full year since what most believe to be the world’s largest volumetric Distributed Denial of Service (DDoS) attack occurred. On October 21, 2016, the Domain Name Service provider Dyn was hit by two large and complex DDoS attacks against its Managed DNS infrastructure over the course of several hours. Because of the attacks, dozens of major Internet platforms and services (popular brands such as Twitter, Spotify, Basecamp, Comcast, Reddit, Netflix and others) were unavailable to thousands (millions?) of users in Europe and North America.

Early on in the investigation it was clear that the means of the attack was the Mirai botnet, which harnessed tens of thousands of smart devices connected to the Internet of Things (IoT). With the exponential growth of IoT-connected devices, hackers will have ever-greater opportunities to leverage the Mirai code to recruit unsecured smart devices into botnets. 2017 has yet to witness a similar volumetric attack, but the potential still exists.

It remains unclear who carried out the attack (there have been claims from hacktivists, and theories, but no definitive conclusion). Reportedly, the attack on Dyn was 1.2 Tbps in magnitude, though Dyn has not confirmed that figure. If true, then it was the largest DDoS attack ever recorded (in terms of magnitude, not length of time).

When under a DDoS attack, IT security teams typically have trouble distinguishing between good and bad traffic to their network. According to Dyn’s post-incident report, “During a DDoS which uses the DNS protocol it can be difficult to distinguish legitimate traffic from attack traffic.” Yes, it is difficult to detect and block bad (DDoS) traffic, but it’s not impossible. As DDoS hackers have become more prolific and more sophisticated, so has DDoS protection technology. An automated, real-time anti-DDoS solution can stop DDoS attacks at the edge of the network, as well as provide security event analytics and reporting.

Here’s an example of the Corero SecureWatch® Analytics in action, displaying a DDoS attack attempt:

[Image: DDoS attack]

It’s not really a question of if a terabit-scale DDoS attack will strike again, but rather when. Any organization connected to the Internet, or the Internet itself, can fall victim to a DDoS attack.

Fortunately, more and more Internet Service Providers have taken significant steps to detect and mitigate DDoS attacks before they impact downstream customers. In many cases, these proactive service providers offer DDoS protection as a service to their customers, and their customers are willing to pay premium security service fees for it.

Taking a proactive stance against the modern-day DDoS attack requires real-time, automated protection.