Giant DDoS attacks are now hitting 500Gbps as criminals flex their muscles

More businesses are reporting extortion attempts after suffering flooding attacks on their servers.
Written by Liam Tung, Contributing Writer

Criminals showing off and extorting money are the main motivators for denial-of-service attacks.

Image: iStock

Criminals flexing their technical muscles was the biggest motivation last year behind distributed denial-of-service attacks (DDoS), which involve flooding a target's web servers with junk traffic, according to an analysis by Arbor Networks.

Given that online criminals showing off their capabilities was the number one reason for such attacks in 2015, it is unsurprising that the company found in its 2015 infrastructure report that this was closely followed by "criminal extortion attempts".

For example, Swiss CERT in October warned local hosting providers of extortion DDoS attacks from a hacker group, which would typically launch a demo DDoS attack alongside a corresponding demand for payment in Bitcoin. Failure to pay would result in a subsequent DDoS attack.

Arbor Networks' survey found the largest attack reported last year was 500Gbps, with others reporting attacks of 450Gbps, 425Gbps, and 337Gbps.

Though the reported 500Gbps is large, it wouldn't be the first time an attack of this scale has occurred. Content delivery network CloudFlare also reported a DDoS attack of 500Gbps against several Hong Kong media sites amid the Chinese region's Occupy Central protests of 2014.

Still, Arbor Networks found that 25 percent of respondents saw peak attacks exceed 100Gbps compared with 20 percent last year reporting attacks exceeding 50Gbps.

Arbor Networks this year also attempted to gauge the cost per minute organisations faced under a DDoS attack. Few respondents answered this survey question, however of those that did, nearly two-thirds estimate costs exceeded $500 per minute.

For this year's report, Arbor Networks had surveyed 354 respondents from Tier 1, 2, and 3 service providers, hosting, mobile, enterprise, and other types of network operators covering the year to November 2015.

Read more about DDoS attacks

Editorial standards