LARGEST DDOS CYBER ATTACK EVER RECORDED

Since 1990 we have been committed to helping clients understand the threats to their people, information, property and reputation. Our global team provides you with the expertise to mitigate and manage security risks so that you can focus on opportunities and meet objectives.

NYA24 INSIGHTS ARTICLE MARCH 2018

Largest DDOS Cyber Attack Ever Recorded

On 28 February the most powerful distributed denial of service (DDoS) attack ever recorded struck the software development platform GitHub. At 1215 local time, the company was suddenly hit by 1.35 terabits of traffic per second. GitHub suffered several outages over a 10-minute period while its DDoS mitigation service took over as an intermediary, routing all the traffic coming in and out of the site. Since the DDoS attack, it has been reported that the data payload contained a ransom demand for 50 Monero (USD15,000). The most recent incident comparable in scale occurred in October 2016, against domain name system (DNS) and email delivery service provider Dyn. The company was suddenly inundated with 1.2 terabits of traffic per second that temporarily forced websites such as Twitter, Spotify and Reddit offline.

What is a DDoS Attack?

A DDoS attack prevents a website or server from operating properly. It does this by targeting “nodes” – devices in an IT network which handle the transfer of data (e.g. emails/website content). “Nodes” can only manage a certain amount of data traffic. When the amount of data passing through the “nodes” reaches maximum capacity, data traffic slows down or halts completely – potentially crashing systems. DDoS attacks use numerous devices (“attack vectors”) to try and crash the target site or server. Cyber criminals normally do this by infecting various unsuspecting computers with malware, which can then be manipulated to unknowingly take part in the attack through sending excessive ping requests targeting a domain server and causing it to crash. Manipulated computers are referred to as “zombies” and a network of “zombies” is known as a “botnet.”

What is the point of a DDoS Attack?

The motivation for launching DDoS attacks is not always clear. In 2014, the hacking group Lizard Squad caused Sony and Microsoft gaming services to crash on Christmas Day. One member of the group later claimed the attack was carried out “for laughs”. However, if a state or criminal actor wishes to target a business or national government, a large-scale DDoS attack can cause significant disruption and inflict considerable financial losses.

A CERT-UK report noted that cyber criminals can hold victim organisations to ransom with DDoS attacks and described how, in 2013, 30% of DDoS attacks cost their victims at least USD100,000 per hour. Three weeks of mass DDoS attacks targeting Estonia in 2007 forced government, political party, media, and business websites to shut down, prompting a response from NATO.

Finally, a further, often overlooked motive for launching a DDoS attack is to cover up another, more targeted cyber attack. Due to the overwhelming amount of traffic that impacts organisations’ IT systems during a DDoS event, it is extremely difficult for post-incident investigators to examine all the logs which collect data on connections to and from servers.

By Hugo Hadcock

NYA’s Cyber Risk Management services help you establish and reinforce processes and controls that protect your assets and build and test your organisation’s resilience to incidents.

In the event of an incident or a crisis occurring, NYA’s crisis response consultants provide you with practical advice, options and scenario planning based on years of experience and best practice procedures.

To find out how we can help your organisation, contact us today

MITIGATION MEASURES

The UK’s National Cyber Security Centre (NCSC) lists four common methods to help mitigate a DDoS attack:

• The first is to employ preventative measures upstream. This means transferring as much protection as possible “upstream” to the internet service provider (ISP).

• The second method is to use content delivery networks (CDNs). CDNs have access to internet infrastructure all over the world with numerous routes in and out of a network, making it difficult to carry out DDoS attacks.

• The third method is competent system monitoring, so that a victim can recognise an attack immediately.

• Finally, the fourth method is to use a host in the cloud. Cloud hosting helps reduce the impact of a DDoS attack by offering services in several different regional or geographic locations, which can potentially increase a server’s resilience to an attack – if services in one region are targeted, others may continue to operate normally.
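
The monitoring method above, together with the earlier point that a flood can bury a more targeted intrusion in the logs, shown as an added example that is not part of the original article. The record format, thresholds and addresses are constructed assumptions: the script flags minutes whose connection count far exceeds the recent baseline, then lists the few records in those minutes that do not match the flood's dominant profile.

```python
from collections import Counter
from statistics import median

def build_sample():
    """Constructed connection records: (minute, source_ip, dest_port, direction)."""
    rows = []
    for minute in range(5):                   # normal load: 20 web requests per minute
        rows += [(minute, f"198.51.100.{i}", 443, "in") for i in range(20)]
    for minute in (5, 6):                     # flood: 2000 requests per minute on 443
        rows += [(minute, f"203.0.113.{i % 250}", 443, "in") for i in range(2000)]
    rows.append((6, "192.0.2.77", 22, "in"))  # single SSH connection inside the flood
    rows.append((6, "10.0.0.5", 8443, "out")) # server-initiated outbound connection
    return rows

def flood_minutes(rows, factor=10, history=5):
    """Minutes whose connection count exceeds factor x the median of recent calm minutes."""
    per_minute = Counter(r[0] for r in rows)
    flagged, calm = [], []
    for minute in sorted(per_minute):
        count = per_minute[minute]
        if len(calm) >= 3 and count > factor * median(calm[-history:]):
            flagged.append(minute)
        else:
            calm.append(count)                # flood minutes never feed the baseline
    return flagged

def outliers_in_flood(rows, flagged, share=0.01):
    """Records in flagged minutes whose (port, direction) profile is under `share` of the window."""
    result = []
    for minute in flagged:
        window = [r for r in rows if r[0] == minute]
        profile = Counter((r[2], r[3]) for r in window)
        result += [r for r in window if profile[(r[2], r[3])] / len(window) < share]
    return result

if __name__ == "__main__":
    sample = build_sample()
    hot = flood_minutes(sample)
    print("flood minutes:", hot)
    for record in outliers_in_flood(sample, hot):
        print("review first:", record)
```

In a flagged minute the reviewer is left with two records to examine instead of roughly two thousand, which is the triage problem the article describes for post-incident investigators.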