Last week, we discussed some of the main cyber-threats of 2016 and the lessons we can learn from them. The preeminent type of attack, occurring time and time again, was Distributed Denial of Service (DDoS).
Amongst the most remarkable 2016 DDoS attacks were:
- Dyn, the US DNS service provider: for nearly 11 hours, a botnet of some 100,000 compromised devices (infected with the Mirai malware) caused many popular websites (such as Twitter, Spotify, The New York Times, Amazon, Etsy, Netflix…) to suffer service disruptions or go offline, reportedly impacting more than 1 billion users worldwide.
- The Internet-security blog of Brian Krebs: investigation revealed an unusually powerful attack, peaking at around 620 Gigabits per second (more than double the size of any previously recorded attack) and made up largely of GRE traffic. Unlike the DNS reflection floods seen in earlier record attacks, that traffic is hard to spoof and indicated that the volume was generated directly by the compromised devices rather than through reflection or amplification.
- The US presidential candidates’ campaign websites: in an unusual event, both candidates’ sites were targeted with 30-second HTTP layer-7 attacks. Prior to this incident, Donald Trump’s websites and email servers had suffered another DDoS attack, launched by Anonymous.
- The Rio Olympic Games: the DDoS campaign targeting the 2016 Olympic Games lasted for several months, peaking at 540 Gbps, and used LizardStresser, a DDoS-for-hire service. Despite its scale and duration, mitigation measures prevented this campaign from severely disrupting the games or their broadcasting.
- The Russian banking system: over two days, at least five of Russia’s major banks suffered a massive DDoS attack from a botnet of more than 24,000 computers. Luckily the attacks weren’t powerful enough to shut down any of the affected online customer services.
- The French cloud computing company OVH: 152,000 infected Internet of Things (IoT) devices (mostly CCTV cameras) were used to launch the largest DDoS campaign recorded to that date, consisting of two simultaneous DDoS attacks against the third largest internet hosting company in the world. With a combined peak documented at around 1 Terabit per second (1 Tbps), it set a new record.
In the first half of 2016, research* showed that:
- 124,000 DDoS attacks were launched each week
- The peak attack size increased by 73% to 579 Gbps
- 60% of DDoS attacks were application-layer attacks
Note: this type of attack tends to be less popular than network-layer attacks (thanks to the rise of DNS-based DDoS attacks)
- SYN floods, TCP floods and HTTP floods continued to be the most used types of DDoS attack
- China, USA and South Korea continued to be the most attacked countries
- Attackers focused their DDoS attacks on institutions specialised in fighting them, as well as on cryptocurrency-affiliated financial institutions and IT security companies
- One of the most notable trends in the field was the use of poorly secured IoT devices (especially CCTV cameras) in botnets
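The statistics above separate network-layer floods (SYN/TCP) from application-layer floods (HTTP), and the distinction matters in telemetry: a SYN flood never completes the handshake, so its sources can be spoofed and it is measured in packets, whereas an HTTP flood must complete the handshake before sending requests, so its sources are real (if compromised) hosts and it is measured in requests per source. The following is an added example, not code from the original post or from any of the vendors cited; it runs a small classifier over constructed flow records, and the thresholds (80% half-open flows, 100 requests per source, 50-flow minimum window) are illustrative assumptions rather than figures from the report.

```python
"""Toy classifier separating SYN-flood and HTTP-flood windows in flow records.

Added example with constructed data; thresholds are illustrative assumptions.
"""
from collections import Counter
from typing import NamedTuple


class Flow(NamedTuple):
    src: str            # source IP; trivially spoofable when no handshake completes
    flags: str          # "S" = SYN seen but handshake never completed, "SA" = completed
    http_requests: int  # HTTP requests carried by the flow (0 when no handshake)


def classify_window(flows, syn_ratio_threshold=0.8, min_flows=50,
                    req_per_src_threshold=100):
    """Classify one observation window as 'syn_flood', 'http_flood' or 'normal'.

    Returns (label, stats). Network-layer floods show up as a high share of
    half-open connections; application-layer floods show up as completed
    handshakes followed by an abnormal request count per source.
    """
    total = len(flows)
    if total < min_flows:
        # Too little data to say anything; avoid alerting on a handful of retries.
        return "normal", {"flows": total}

    half_open = sum(1 for f in flows if f.flags == "S")
    syn_ratio = half_open / total

    reqs_by_src = Counter()
    for f in flows:
        reqs_by_src[f.src] += f.http_requests
    heavy_sources = [s for s, n in reqs_by_src.items() if n >= req_per_src_threshold]

    stats = {
        "flows": total,
        "half_open_ratio": round(syn_ratio, 2),
        "distinct_sources": len(reqs_by_src),
        "heavy_sources": len(heavy_sources),
    }
    if syn_ratio >= syn_ratio_threshold:
        return "syn_flood", stats
    if heavy_sources:
        return "http_flood", stats
    return "normal", stats


# --- Constructed sample windows (not captured traffic) ---------------------

def syn_flood_sample():
    # 300 half-open connections from 300 distinct (spoofed) sources, no requests.
    return [Flow(f"10.{i // 256}.{i % 256}.1", "S", 0) for i in range(300)]


def http_flood_sample():
    # 40 bots, each completing 5 handshakes and sending 60 requests per flow,
    # i.e. 300 requests per source; the handshake means these sources are real.
    return [Flow(f"203.0.113.{bot}", "SA", 60)
            for bot in range(1, 41) for _ in range(5)]


def normal_sample():
    # 60 ordinary clients with a few requests each plus 5 unanswered SYNs
    # (ordinary retries), well below both thresholds.
    flows = [Flow(f"198.51.100.{c}", "SA", 3) for c in range(1, 61)]
    flows += [Flow(f"198.51.100.{c}", "S", 0) for c in range(61, 66)]
    return flows


if __name__ == "__main__":
    for name, sample in (("syn", syn_flood_sample()),
                         ("http", http_flood_sample()),
                         ("normal", normal_sample())):
        print(name, classify_window(sample))
```

In practice the same split drives mitigation: a SYN flood is absorbed with SYN cookies or upstream filtering, while an HTTP flood needs per-source rate limiting or challenge pages at the application edge, since each request is a fully established, unspoofable connection.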
Regardless of how quickly the targeted businesses or organisations responded to these attacks, the 2016 campaigns proved how effectively cyber-criminals can leverage infected IoT devices to carry out massive online attacks, quickly creating chaos and badly affecting businesses. Because poorly secured IoT devices (typically shipped with default credentials and management services exposed to the internet) are so easy to enlist, it’s safe to say that DDoS attacks have reached an unprecedented scale, and that 2017 will see new records in that field.
*source: Kaspersky Lab