Distributed denial of service (DDoS) attacks are becoming bigger and more sophisticated, but not as quickly as once anticipated. Some are now questioning whether the size of such attacks is as significant as previously thought. Ever since Spamhaus was hit three years ago by a 300Gbps DNS reflection attack, numbers have always been the issue.
DDoS attacks haven’t gotten any bigger since then. The more modest attacks have been aimed at small and less protected networks as bigger data centers have acquired larger sinkholes. Moreover, cybercriminals have abused a number of protocols to boost the size of DDoS attacks through reflection storms.
Incapsula, Imperva’s anti-DDoS department, recorded a 470Gbps “brute of an assault” against a Chinese gambling company on June 14. The initial and most massive wave persisted for four hours and was followed by others over a span of several days. This appears smaller when compared to the New Year’s Eve attack on the BBC’s iPlayer site, which was said to have reached 600Gbps. However, that figure has never been verified, and many doubt it in the absence of solid evidence. A few days later, software firm Arbor Networks reported a more reliable figure of 500Gbps in an attack that occurred last year.
If that is the biggest DDoS publicly reported, the recent attack battled by Imperva comes close to taking the record as the biggest and baddest ever. The Imperva attack is also atypical in that the attackers used nine packet types, commencing with a SYN flood before attempting UDP and TCP.
Imperva is obviously recounting this because it managed to mitigate the attack, which is likely the real story. Hackers and cybercriminals are still launching massive attacks, but mitigation services are often up to the task. This perhaps simply redirects attacks elsewhere, onto more vulnerable targets.
Big DDoS attacks will occasionally be reported, but it is a mistake to focus solely on numbers. Size really is not everything, even in cyberspace. What truly matters is how frequently the attacks occur and how much is being spent to successfully mitigate them. A whole industry is being built on this stark realization.