Products
Edge AI
AI Training
GPU Cloud
GPU CloudBoost AI/ML training with servers powered by NVIDIA
AI Inference
Inference at the Edge
Inference at the EdgeAccelerate your ML model inference for fast global performance
AI Applications
Image Generator
Image GeneratorCreate realistic and stunning images with ease
Speech-to-Text Translator
Speech-to-Text TranslatorTranslate from English to Luxembourgish seamlessly
Edge Cloud
Compute
Basic VMs
Basic VMsManage workloads on affordable shared virtual servers
Virtual Machines
Virtual MachinesRun apps on customizable dedicated virtual servers
Bare Metal
Bare MetalDeploy apps on powerful dedicated physical servers
Containers
Managed Kubernetes
Managed KubernetesDeploy, manage, and scale Kubernetes clusters easily
Container as a Service
Container as a ServiceRun containerized apps without server provisioning
Container Registry
Container RegistrySecurely store, manage, and deploy container images.
Function as a Service
Function as a ServiceExecute serverless code functions efficiently
Networking
Load Balancer
Load BalancerRoute traffic optimally to improve app performance
5G Network
5G NetworkDeploy apps and securely connect mobile devices via 5G
Virtual Private Cloud
Virtual Private CloudManage resources in a secure isolated private cloud
Hosting
Virtual Servers
Virtual ServersHost on virtual servers with no traffic restrictions
Dedicated Servers
Dedicated ServersHost on physical servers with worldwide availability
Storage
Object Storage
Object StorageStore data in fast and scalable S3-compatible storage
File Shares
File SharesShare files across servers easily using NFS protocol
Databases
Managed PostgreSQL
Managed PostgreSQLProvision fully managed PostgreSQL databases with ease
Monitoring
Managed Logging
Managed LoggingCollect, store, and analyze application logs
About Edge Cloud
Edge Network
Application Performance
CDN
CDNAccelerate dynamic and static content delivery
FastEdge
FastEdgeDeploy serverless apps with low-latency edge computing
Media Delivery
Video Streaming
Video StreamingDeliver high-quality live and on-demand video at scale
DNS
Managed DNS
Managed DNSEnsure application availability with authoritative DNS
Public DNS
Public DNSProtect online privacy with a free DNS resolver
About Edge Network
Edge Security
Network Security
DDoS Protection
DDoS ProtectionProtect your infrastructure from evolving DDoS attacks
Application Security
WAAP
WAAPSecure apps and APIs from DDoS, bots and OWASP attacks
Solutions
By Industry
Gaming
CDN for Gaming
Game Server Protection
Game Development
Retail
CDN for E-commerce
Media & Entertainment
CDN for Video
Metaverse Streaming
TV & Online Broadcasters
Sport Broadcasting
Online Events
Financial Services
Cloud for Financial Services
Technology
Image Optimization
Web Acceleration
Wordpress CDN
Education
Online Education
By Need
Web Acceleration
Web Acceleration
Image Optimization
Wordpress CDN
Security
Game Server Protection
Video Streaming
CDN for Video
Video Hosting
Live Streaming
Availability
Multi-CDN
Cloud
Web Service
Game Development
Online Store
Migration to the Cloud
ERP in the Cloud
Pricing
Resources
Resources
Blog
Case Studies
Ebooks
Reports
White Papers
Events
Documentation
Docs
API
Product Roadmap
Help Center
Gcore Status
Tools
Looking Glass
Speed Test
Developer Tools
Partners
Partners
Intel
Intel | New CPU Generation
Intel | Ice Lakes
Hesp
Equinix
InData Labs
Ampere
Unum
Programs
White Label Solutions
Referral Program
Why Gcore
Company
About Gcore
Press
Awards
Careers
Legal Information
Platform
Network
Infrastructure
Internet Peering Points
Compliance
Under attack?Under attack?
en
Contact usContact us
Contact us

Select the Gcore Platform

Recommended
Gcore Edge Solutions Go to Gcore Platform → Go to Gcore Platform →

Products:

  • Edge Delivery (CDN)
  • DNS with failover
  • Virtual Machines
  • Bare Metal
  • Cloud Load Balancers
  • Managed Kubernetes
  • AI Infrastructure
  • Edge Security (DDOS+WAF)
  • FaaS
  • Streaming
  • Object Storage
  • ImageStack (Optimize and Resize)
  • Edge Compute (Coming soon)
Show full list
Gcore Hosting Go to Gcore Hosting →
  1. Home
  2. Insights
  3. The most dangerous DDoS attacks of our time

The most dangerous DDoS attacks of our time

June 29, 2020 7 min read
The most dangerous DDoS attacks of our time

As projects and organizations grow, they acquire new resources and, accordingly, they face new threats. Sometimes even small businesses become victims of cybercrime.

The reasons for attacking digital resources can vary from hunting for valuable data and access to intentionally damaging an organization’s reputation and finances. In any case, security should be the top priority.

Over the last few years, cloud infrastructure, and especially public clouds, has become very popular. Thousands of companies worldwide, from small businesses to massive giants, rely on cloud services.

Cyber threats can harm any online business if appropriate security measures aren’t in place.

Types of DDoS attacks

DDoS attacks (Distributed Denial of Service) are one of the most widespread cyber threats. Its goal is to literally deny service.

Such attacks disrupt the functioning of servers, websites, and web services by flooding them with an excessive amount of requests. Resources that aren’t designed for high loads then stop working, thus becoming unavailable to users. Also, DDoS attacks exploit vulnerabilities at the network protocol and application layers.

The term ‘distributed’, when applied to this type of attack, means that perpetrators covertly use entire networks of infected devices—botnets—as sources of attacks. Device owners often have no clue that attacks are performed from their computers and IP addresses. Devices within the Internet of Things (IoT) are especially suitable for such purposes because the number of them continues to grow while the protection they have remains quite weak.

Even though almost half of DDoS attacks is of a mixed nature, three main categories can be named.

Volumetric attacks

High volume attacks (i.e. flooding). This is the most widespread type. Perpetrators send a large number of requests to the server, and the resulting traffic blocks network bandwidth capacity.

The volume of such attacks can reach several terabits per second. As a result, unprepared infrastructures crash and stop processing requests.

Types of volumetric attacks:

  • DNS Amplification
    DNS Amplification

    Multiple requests are sent to a public DNS server on behalf of the targeted resource (the target server IP address is indicated in the requests). Such requests require many responses that are redirected to the targeted server.

  • DNS Flood
    DNS Flood

    Requests to a DNS server from multiple IP addresses. It’s very difficult to detect malicious packets among all requests received by a server.

  • ICMP Flood
    ICMP Flood

    ICMP packets don’t require confirmation of receipt, so it is extremely difficult to separate them from malicious traffic.

  • SYN Flood
    SYN Flood

    Sending an excessive number of requests to open new sessions in order to make the connection table run out of memory.

Protocol attacks

These attacks exploit vulnerabilities of such network protocols as TCP, UDP, and ICMP (Layers 3 and 4 of the OSI model). In this case, the purpose is to overload network capacity not with a giant amount of traffic but with pinpoint actions that exploit network defects.

Protocol attack example:

  • POD
    POD (Ping of Death)

    Pinging the server by sending malformed or oversized packets.

Application attacks

These are application layer attacks (Layer 7 of the OSI model). They are aimed at web servers and applications, such as a website’s CMS. The main purpose is to knock the web resource out of service. This can be done, in particular, by overloading the CPU or RAM.

This can be achieved with an external HTTP request. In response, the system starts processing a large number of internal requests it’s not designed for.

Types of application layer attacks:

  • Slowloris
    Slowloris

    A bot opens many sessions on the server without responding to them, thereby provoking a timeout. As a result, such fake sessions consume server resources, leading to its unavailability.

  • HTTP Flood
    HTTP Flood

    An excessive number of GET and POST requests are sent to the server to get the “heaviest” elements of the website.

The most dangerous DDoS attacks of our time

Due to the high effectiveness of some attacks, they are particularly popular among perpetrators. The most serious incidents of our time are related to DDoS attacks of a special type.

DNS Reflected Amplification

This subtype of Volumetric attacks is a combination of two malicious factors. First, the attacker simulates a request from the targeted server by putting its IP address into the request, ultimately using a public DNS server as a “reflector.” The DNS server receives the request indicating the targeted server and returns a response to it, thus “reflecting” the request.

A lot of data, not just the IP address of the domain, can be requested, which means the response of the DNS server can become many times larger. Finally, traffic can be maximized by querying through a botnet. Thus, it is highly likely that the bandwidth of the targeted server will be overloaded.

The attack against GitHub

The most famous use of DNS Reflected Amplification was the attack on GitHub in February 2018, which is the largest known DDoS attack. It came from thousands of different autonomous systems and tens of thousands of unique endpoints. The attack reached 126.9 million packets per second at peak times. The traffic flow reached 1.35 Tbps, and the gain ratio (amplification ratio) reached 51,000.

Generated UDP Flood

Generated UDP Flood combines the generation of excess traffic and elements of protocol-layer attacks.

The attack sends UDP packets from fake IP addresses to a targeted IP address and server port. With a correctly-selected packet parameter and intensity of sending, it’s possible to simulate legitimate traffic. Identifying junk requests then becomes extremely difficult.

Such an attack was carried out against the Albion Online MMORPG server. As a solution to eliminate the threat, a Gcore software package combining various methods was selected:

  • Rate Limiting
    Rate Limiting

    limitation on traffic

  • Regexp Filtering
    Regexp Filtering

    filtering packets that coincide with regexp in payload

  • Whitelisting
    Whitelisting

    adding authorized player IP addresses to a whitelist

  • Blacklisting
    Blacklisting

    adding unauthorized player IP addresses to a blacklist

  • IP Geolocation Filter
    IP Geolocation Filter

    blocking IP addresses based on geolocation

  • Gcore Challenge Response
    Gcore Challenge Response (CR)

    a unique protocol that is integrated on the client’s side and that allows IP address validation

How we protected Albion Online against complex and massive DDoS attacks

HTTP GET/POST Flood

This is a web application layer attack. In this case, a continuous stream of GET and POST requests is sent to the server, and at first glance, they seem legitimate. The problem is that the attacker does not wait for responses but instead sends requests constantly. As a result, server resources are exhausted in the course of processing them.

HTTP Flood was used at the very beginning to accurately determine the frequency of requests and the amount of traffic needed for denial of service. This method was used as an auxiliary one, and others were employed afterwards.

Hit-and-run

Hit-and-run is a subtype of volumetric attacks, but it works differently from the majority of other attacks. These are short bursts of traffic with a volume of hundreds of gigabits per second, sometimes lasting 20 to 60 minutes or even less than a minute. They are repeated many times over a long period—sometimes days or even weeks—at intervals averaging 1 to 2 days.

Such attacks gained popularity because they’re cheap. They are effective against protection solutions that are activated manually. The danger of Hit-and-run is that constant protection requires continuous monitoring and availability of response systems.

Hit-and-run

The main targets of hit-and-run attacks are online game servers and service providers.

SYN Flood

This is another example of a volumetric attack. A standard connection to the server via TCP is made by using the three “handshakes” method.

At the first stage, the client sends a packet with an SYN flag for synchronization. The server responds with an SYN-ACK packet notifying the client of the receipt of the first packet before offering to send a final, third packet to confirm the connection. The client doesn’t respond with the ACK packet, which allows the flood to continue and thereby overload server resources.

The attack against Eurobet

Some of the largest companies became targets of SYN Flood and similar types of attacks at different times, such as Amazon, SoftLayer (IBM), Korea Telecom, and others. One serious incident was the disabling of the Eurobet Italia SRL sports betting website in October 2019. Later that month, several financial and telecommunication companies in Italy, South Korea, and Turkey fell victim to TCP SYN-ACK Reflection.

Slowloris

This is an application layer DDoS attack subtype. Slowloris (or session attack) aims to “exhaust” the targeted server. The perpetrator opens many connections and keeps each one open for as long as possible until timeout occurs.

Such attacks aren’t easy to detect since the TCP connection is already established and the HTTP requests look legitimate. After some time, this tactic allows the attacker to take over all connections, thus blocking real users from accessing the server.

Attacks in Iran

Slowloris became widely known during the Iran presidential election when attackers attempted to disable government websites.

How to set up reliable protection : 3 main steps

Cybersecurity is a narrow competency that can hardly be covered as easily as HR or accounting, no matter how advanced the company is. It’s important to ensure that your service and infrastructure providers are deeply immersed in cybersecurity issues and have established themselves as true professionals.

3 main steps for reliable protection:

  • 1

    Use a tried and tested solution for continuous DDoS protection.

  • 2

    Develop an action plan in case of an attack.

  • 3

    Regularly run system health checks and eliminate application vulnerabilities.

A proven solution for continuous DDoS protection

When we consider cloud infrastructure security, special attention is required.

A server is one of the foundations for any web service, application, or site. If an attack leads to a loss of user access to resources, the consequences can be disastrous. There are financial and reputational risks, the potential compromising of confidential information, the destruction of valuable resources, and legal risks.

To keep your assets safe, it’s important to use proven online protection.

Protection should include the following elements:

  • Tools for continuous traffic monitoring and detection of suspicious activity

  • Adding IP addresses to blacklists and whitelists

  • Threat notification system

  • Attack neutralizing system

It’s especially important not to block user traffic along with malicious traffic when eliminating the threat.

A good example of effective fine tuning is Gcore’s DDoS Protection Service. This service is useful for any online business: media resources, game developers and publishers, telecom companies, insurance business, banks, and online stores.

Intelligent traffic filtering based on the analysis of statistical, signature, technical, and behavioral factors makes it possible to block even single malicious requests without affecting ordinary users.

An action plan in case of an attack

A response plan aims to limit the damage caused by a DDoS attack. It’s a clear sequence of actions and measures to be taken immediately as soon as a threat occurs.

A detailed action plan should include the following:

Regular system health checks and elimination of application vulnerabilities

To prevent a surprise DDoS attack and keep damage to a minimum, the protection mechanisms should be constantly improved. This rule applies not only to the tools designed to repel attacks, but also to the protected infrastructure and application.

Here’s a list of potential threats:

  • Authentication stage

    Authentication stage vulnerabilities

  • Code insertions

    Malicious code insertions

  • Cross-site scripting

    Cross-site scripting

  • Encryption vulnerabilities

    Encryption vulnerabilities

  • Logical errors

    Logical errors, imperfect data structure

Scanning systems for vulnerabilities and constantly updating application code will help keep company resources resilient to most known cyber threats.

Protect your business

Gcore solutions for server and web application protection against DDoS attacks help online businesses all over the world stay available and keep their clients.

Contact us. Our specialists will explain why our technology is unique and they’ll help you configure effective and reliable protection.

Protect your business against DDoS attacks

Table of contents

Try Gcore WAAP

The most dangerous DDoS attacks of our time

Related articles

Securing web applications and APIs at the edge: the power of edge WAAP
Securing web applications and APIs at the edge: the power of edge WAAP
As application architectures become more distributed, securing web applications and APIs requires a proactive, adaptable approach that goes beyond traditional web application firewalls (WAFs). When deployed at the edge, web application and API protection (WAAP) solutions improve security by placing protections closer to end users and possible threats. This strategic […]
November 14, 2024 3 min read
Cyber Monday is coming. So are the hackers
Cyber Monday is coming. So are the hackers
Black Friday and Cyber Monday (BFCM) are two of the biggest online shopping days of the year. In 2023, holiday season e-commerce sales revenue in the US alone reached more than $12 billion, with a further increase expected this year. As online shopping has increased in popularity over the last decade […]
November 13, 2024 4 min read
Trends and Directions in the CDN Industry: Expert Insights from Gcore’s Tucker Preston
Trends and Directions in the CDN Industry: Expert Insights from Gcore’s Tucker Preston
Content delivery networks (CDNs) have been around since the 1990s, and have undergone major changes to meet user expectations and the uptake of the internet in years since. The pace of change hasn’t slowed, and the CDN provider market today is characterized by innovation and competition. To explore these changes, […]
October 10, 2024 5 min read
The Business Economics of Sovereign Cloud Adoption
The Business Economics of Sovereign Cloud Adoption
Countries worldwide are tightening their data protection regulations, pushing organizations to rethink their data storage strategies. In July 2021, the Luxembourg National Commission for Data Protection (CNPD) fined Amazon a record €746 million for violating the European Union’s General Data Protection Regulation (GDPR). The fine stemmed from issues related to how Amazon […]
October 9, 2024 4 min read
How WAAP Stops Common Web Application Threats
How WAAP Stops Common Web Application Threats
When you hear the phrase “common web application threats,” you might assume they’re easy to stop. After all, if they’re so well-known, shouldn’t they be straightforward to defend against? Unfortunately, that’s not the case. The reality is that even the most widespread threats—like SQL injection, cross-site scripting (XSS), and credential […]
October 7, 2024 4 min read
AI Regulations are Changing; Sovereign Cloud Helps Businesses Comply
AI Regulations are Changing; Sovereign Cloud Helps Businesses Comply
AI has taken the world by storm, moving so fast in recent years that regulators simply couldn’t keep up. Concerns about how training data was being sourced and whether inference data was being stored raised major ethical concerns, with critics sounding concerns about AI becoming the technological Wild West. Fortunately, […]
October 3, 2024 4 min read
Cybersecurity Without WAAP: The Devastating Reality of Web Attacks
Cybersecurity Without WAAP: The Devastating Reality of Web Attacks
The consequences of not implementing digital security are clear: data theft, downtime, lost revenue, and reputational damage. But what may be less clear at first glance is that the consequences of inadequate security are just as severe. Although organizations may be reluctant to embrace the latest innovations of an already […]
September 23, 2024 3 min read
How to Make Sure You Choose the Right CDN Provider in a Turbulent Marketplace
How to Make Sure You Choose the Right CDN Provider in a Turbulent Marketplace
$300,000+. That’s what it costs 93% of enterprises if their website goes down for just an hour. It could be worse: 48% of enterprises lose over $1 million per hour, and 23% suffer a staggering $5 million+ per hour in downtime costs. And if you work for one of the world’s top […]
September 20, 2024 3 min read

Subscribe
to our newsletter

Get the latest industry trends, exclusive insights, and Gcore
updates delivered straight to your inbox.
Subscribe