
DDoS Reaches Unprecedented Scale in the Terabit Era

Availability issues are striking again and the business can’t operate--it looks like maybe this time a server is down? Determining the root cause can be a challenge, if not impossible, without the right traffic analysis. After all, instead of a server or application issue causing the outage, your worst nightmare could be happening--a distributed denial of service (DDoS) attack.

DDoS attacks aren’t what they used to be. While still viewed as powerful business disruptors, with thousands underway at any given time somewhere in the world, there has actually been a decline in frequency between 2017 and 2018. Great news, right? Unfortunately not. It turns out there is a new alarming trend: DDoS attacks may be less frequent, but they are multiplying in size. According to a recent report, the maximum size of DDoS attacks increased a whopping 174% in the first half of 2018 over the same period in the prior year.

Learn From the Largest Attack

The industry-leading platform GitHub was hit by 1.35 terabits per second (yes, tera, not giga) of traffic in one fell swoop. The company was experiencing the largest DDoS attack on record, carried out with an amplification vector using memcached over UDP. For the tech geeks amongst our readers: this type of attack works by abusing memcached instances (memcached is a distributed in-memory caching system built for high performance and heavy demand) that are inadvertently accessible on the public internet with UDP support enabled.
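To check your own servers for the exposure just described (a memcached instance reachable from the public internet with UDP enabled), a configuration audit along these lines can help. This is an added example, not code from the original article; it assumes a one-option-per-line config file using memcached's `-l` (listen address) and `-U` (UDP port, 0 disables) options, and the sample configs and severity labels are constructed for illustration.

```python
import ipaddress

# Constructed samples, one option per line as in a Debian-style /etc/memcached.conf.
SAMPLE_EXPOSED = "# constructed sample\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
SAMPLE_HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0  # UDP off\n"

def parse_options(conf_text):
    """Return {flag: value} from one-option-per-line memcached config text."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if line.startswith("-"):
            parts = line.split(None, 1)
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def listens_publicly(opts):
    """True if any -l address is the wildcard or a globally routable IP."""
    # Without -l, memcached binds every interface.
    for addr in opts.get("-l", "0.0.0.0").split(","):
        addr = addr.strip()
        if addr == "localhost":
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return True   # hostname or host:port form: treat as exposed until reviewed
        if ip.is_unspecified or ip.is_global:
            return True
    return False

def udp_enabled(opts, udp_on_by_default=True):
    """-U 0 disables the UDP listener; older releases enable it when -U is absent."""
    return opts["-U"] != "0" if "-U" in opts else udp_on_by_default

def audit(conf_text, udp_on_by_default=True):
    """Return findings for the exposure described above; empty list means clean."""
    opts = parse_options(conf_text)
    udp, public = udp_enabled(opts, udp_on_by_default), listens_publicly(opts)
    if udp and public:
        return ["HIGH: UDP listener on a public interface (usable as a DDoS reflector)"]
    if public:
        return ["MEDIUM: TCP listener on a public interface; bind with -l or firewall it"]
    if udp:
        return ["LOW: UDP enabled on a non-public interface; set -U 0 if unused"]
    return []

if __name__ == "__main__":
    for name, conf in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(conf) or "no findings")
```

Pass `udp_on_by_default=False` when auditing memcached 1.5.6 or later, where the UDP listener is off unless `-U` sets a port.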

While 50x amplified data volumes sound abhorrent, GitHub was only offline for five minutes and intermittently unavailable for four minutes after that. In total, that’s fewer than ten minutes, proving that with the right layers of protection any business can weather the biggest DDoS attack in history.

Don’t Overlook the Smaller Attacks

Colossal DDoS attacks may produce headlines, but they shouldn’t be your only concern. There’s another notable method that attackers are using to threaten your business. We’re referring to the popular and affordable smaller application attacks that go unnoticed for lengths of time until it’s too late. In these “slow-rate” or “low and slow” attacks, cyber criminals masquerade as legitimate users, sending requests until they overburden applications and render them unresponsive.

As part of multi-vector DDoS attacks, application layer attacks, or “layer 7 attacks,” target the application as well as the network and bandwidth. Standing in a category of their own, these attacks are becoming shorter in duration but growing in frequency, complexity, and persistence. Because of this, application layer attacks can be harder for security solutions to detect than netw