What are DDoS attacks?

Cyber Security Hub explores how and why malicious actors launch this disruptive threat vector

Olivia Powell
03/10/2023


Distributed denial of service attacks, or DDoS attacks, see malicious actors attempt to disrupt a site by overwhelming its infrastructure with a large amount of internet traffic. Because this traffic overwhelms the site’s bandwidth, users are prevented from accessing it.

Here, Cyber Security Hub explores why malicious actors launch DDoS attacks, who they usually target and some key examples of these disruptive attacks. 

Contents 

  1. Why do malicious actors launch DDoS attacks?

  2. What are DDoS-as-a-service sites?

  3. How big was the largest ever DDoS attack?

  4. How hacktivists use DDoS attacks to target their opponents

  5. How DDoS attacks are used to disrupt company operations

  6. How DDoS attacks are used to target online content creators 

Why do malicious actors launch DDoS attacks? 

DDoS attacks are launched with the purpose of causing disruption and taking down sites for a prolonged period of time. As they are disruptive, they are often used by malicious actors as a way of attacking specific individuals or companies. 

For example, hacktivists may use DDoS attacks against government sites or companies, or malicious actors may launch targeted DDoS attacks as a form of harassment against online content creators. This attack vector can also be used to cause harm to companies as they will be unable to function properly if their website is down. 

What are DDoS-as-a-service sites?

In May 2023, the US government seized 13 domains linked to 'booter' sites - sites which offer DDoS-attacks-for-hire services.

These sites allow customers to pay malicious actors to launch DDoS attacks against the victim of their choice, disrupting someone's personal life or a company's business by overwhelming their servers with traffic.

The domain seizure on May 8 revealed that “hundreds of thousands of registered users have used these services to launch millions of attacks against millions of victims”, including financial institutions, school districts, government websites and universities. Additionally, 10 of the 13 domains were reincarnated versions of domains previously seized in a similar sweep in December 2022.

How big was the largest ever DDoS attack? 

On June 1, 2022, Google reported that it had blocked the “largest” DDoS attack on record, which had a peak of 46 million requests per second (rps). 

The attack targeted a user of Google’s network security service, Google Cloud Armor, over the authentication and security protocol HTTPS for a duration of 69 minutes. The attack had 5,256 source IPs from 132 countries contributing to it, meaning over 5,000 separate IP addresses were registered as part of the attack.

Google reported that the attack was the biggest Layer 7 DDoS attack, meaning a DDoS attack that uses HTTPS traffic to overwhelm a network, reported to date. The attack was 76 percent larger than the previous record for a Layer 7 DDoS attack.

In a blog post about the attack, Emil Kiner, senior product manager for Cloud Armor, and Satya Konduru, technical lead, both at Google, noted that the attack was akin to “receiving all the daily requests to Wikipedia...in just 10 seconds”. 

How hacktivists use DDoS attacks to target their opponents 

Hacktivists are malicious actors who are motivated not by monetary gain but by their political views. Their activity is known as hacktivism.

Hacktivists use cyber attacks to further their ideology or make political statements. They frequently utilize DDoS attacks to take websites or services offline. 

Hacktivists target NATO with DDoS attacks

In February, the North Atlantic Treaty Organization (NATO) was the victim of a series of distributed denial of service (DDoS) attacks, causing temporary disruption to some of its sites. 

The DDoS attacks were linked to the Russian hacktivist collective Killnet, which posted via an encrypted channel on social media platform Telegram that it was planning to launch the attacks. The group also appeared to ask for cryptocurrency donations to launch further attacks. 

Jens Stoltenberg, secretary general of NATO, said that protective measures were deployed in response to the attack.

Stoltenberg noted that NATO’s classified networks, which are used to communicate within its command structure and on active missions, were not affected by the DDoS attack. He also said that “the majority of NATO websites were functioning as normal” and that the organization’s technical teams were “working to restore full access”.

Despite Stoltenberg’s assurances that the network was not affected, it was reported that communications between NATO and its Strategic Airlift Capability (SAC) were impacted. The SAC was used as part of NATO’s response to the magnitude 7.8 earthquake that hit Syria and Turkey on February 6 and its subsequent aftershocks, with an aircraft being used to fly search and rescue teams and their equipment to an airbase in Turkey. The SAC’s ability to communicate with the aircraft was allegedly affected by network disruption, although it did not fully lose contact with the plane.

DDoS attacks launched against the Swiss government

On June 12, 2023, Russian hacking group NoName used targeted DDoS attacks against the Swiss government to force its government sites offline ahead of a video address by Ukrainian President Volodymyr Zelensky, which was due to take place on June 15.

NoName said it launched the cyber attack to “thank Swiss Russophobes” for taking on another EU sanctions package against Moscow. The group claimed it had targeted the Swiss police force and justice ministry with DDoS attacks to defend Russia "on the information front", and that it will continue to do so.

The Swiss National Cyber Security Center (NCSC) reported that “various websites of the Federal Administration and enterprises affiliated with the Confederation were unavailable” due to the DDoS attacks launched against them.  

How DDoS attacks are used to disrupt company operations 

DDoS attacks can be launched against companies to disrupt their business processes, potentially causing losses of revenue.

DDoS attacks launched against German airports

In February, seven German airports reported being the victim of a series of DDoS attacks. 

The attack, which took place on February 16, saw the websites of airports including Dortmund, Nuremberg and Dusseldorf taken offline. Larger German airports, including Munich, Berlin and Frankfurt, were not targeted in the attack.

In a statement, the chief executive of German airport association Flughafenverband ADV said “once again, airports fell victim to large-scale DDoS attacks,” but added that “according to the information we have so far, other systems are not affected”.

German media company Der Spiegel reported that a “Russian hacktivist group” had claimed credit for the attacks. 

World of Warcraft and Diablo 4 taken offline by DDoS attack

Video game company Blizzard Entertainment was the victim of a distributed-denial-of-service (DDoS) cyber attack on June 25 which knocked a number of the games it hosts offline. The titles included Diablo 4 and World of Warcraft.

The attack lasted roughly three hours, with Blizzard Entertainment posting updates about the attack to its Twitter page. Following the attack, Blizzard recommended that any players still having connection issues should use a connection troubleshooter.

A number of players of Blizzard Entertainment's games took to the company's forums to discuss the attack. During these discussions, one member of Blizzard’s player forums remarked that it was “not surprising” that a cyber attack was launched against the company.

This comment could be in reference to any of the controversies Blizzard Entertainment has faced over the past few years. These controversies range from accusations that the company has a toxic, “frat boy” company culture, to players being disappointed with the company’s latest releases like Diablo 4 and Overwatch 2 Season 5.

How DDoS attacks are used to target online content creators 

In November 2021, there was a series of DDoS attacks launched against those streaming the survival horror game Dead By Daylight.

The huge amount of traffic launched against players’ IP addresses caused them to be unable to stream or even play the game. It also led to some streamers being ‘doxxed’ - having their personal or identifying information posted publicly online – and ‘swatted’ - having false reports of them being a danger to themselves or others submitted to the police, causing armed police officers to forcibly enter their homes. 

One such victim of a DDoS attack while streaming Dead By Daylight was streamer and drag queen Elix. Bad actors gained access to her IP address, which they used to disrupt streaming of the game, then used the IP address to find and leak her home address. This was then used to make false reports of violence at the address, which caused Elix’s home to be raided by police, leading to her arrest.

Fellow drag queen Eveohh was also the victim of several DDoS attacks while attempting to stream Dead By Daylight. She was a target so frequently that she claimed she was “truly the [number one] DDoS survivor”. 

While the reason behind the Dead By Daylight DDoS attacks was not given, it has been speculated that the attacks were motivated by homophobia, due to the game’s popularity within the LGBT community and the fact that many of the streamers targeted were LGBT creators.

The game’s developer, video game company Behaviour Interactive, told Eurogamer that they were “aware of certain targeted cases of distributed denial of services”, saying that they both “deplore” the attacks and “take [them] extremely seriously”.

Behaviour Interactive said it was investigating the attacks and encouraged any players or streamers to report any DDoS attacks or inappropriate or abusive behavior in the game to the company. 

