DDoS attacks have seen a huge explosion in size and scale over the last decade.
In the last three years alone, the record for the largest DDoS attack in history has been broken repeatedly. One of the most politically interesting of these was the attack on Hong Kong’s pro-democracy websites in 2015. DDoS attacks reaching 500Gbps at one time were carried out against a number of websites, including independent news site Apple Daily and PopVote, which organised mock chief executive elections, against the backdrop of the Hong Kong Occupy Central protests. Cloudflare, which protected the sites, said it was the largest cyber attack in history, carried out over several months and increasing in intensity every time pro-democracy activists announced new activities or developments.
Unfortunately, this led to some ISPs, including Virgin Media in the UK, playing into the hands of the attackers by proactively blocking access to protect their own infrastructure.
Blame was hard to apportion. Cloudflare CEO Matthew Prince said “It’s safe to say the attackers are not sympathetic with the Hong Kong democracy movement, but I don’t think we can necessarily say it’s the Chinese government. It could very well be an individual, or someone trying to make the Chinese government look bad.”
2016, however, saw the onset of Mirai and the first attacks to exceed 1Tbps, nearly double that experienced in Hong Kong. At its peak in September 2016, Mirai temporarily knocked offline such high-profile services as French hosting provider OVH, U.S.-based DNS provider Dyn, and U.S. researcher Brian Krebs’ site, Krebs on Security.
Internet of Things (IoT) devices were the reason for the massive spike in size. Mirai began on August 1st 2017 and by the end of that first day, according to Cloudflare, it had infected over 65,000 IoT devices. At its height in November 2016, Mirai had enslaved over 600,000 vulnerable IoT devices into a huge botnet, including such increasingly ubiquitous connected devices as home routers, personal surveillance cameras and baby monitors.
Mirai marked a huge turning point for DDoS attacks: IoT botnets are now the new norm.
Researchers are now worried about a massive new botnet, known as ‘Reaper’ or ‘IoTroop’, which also targets poorly defended IoT devices. It has apparently already infected tens of thousands of IoT devices worldwide and reportedly has the potential to be even more devastating than the Mirai botnet. Security researchers have identified an additional 2 million hosts which have not yet been recruited but could add to its already ferocious size. Unlike Mirai, which hijacks IoT devices with weak user name or password protection, Reaper exploits vulnerabilities built into the devices, recruiting infected devices into a botnet capable of launching the next wave of massive DDoS attacks.