DDoS Diary


Q1 2017

DDoSDiary.com, sponsored by Nexusguard, provides chief information security officers (CISOs) and IT security teams with a quarterly list of noteworthy DDoS attacks targeted at organizations of all sizes and types.


DDoS-for-hire on the rise, U.S. ranks No. 1 in DDoS attacks

Record number of DDoS attacks launched, underground sites provide hackers with tools aimed at IoT devices

Brad Casey

Menlo Park, Calif. – Apr. 6, 2017

DDoS attacks plagued schools, governments, web hosts, media sites, and organizations globally in the first quarter of 2017.

Researchers at one vendor discovered 3,700 DDoS attacks per day. Another vendor reports the U.S. accounts for 24 percent of DDoS attacks globally.

Nexusguard shares that multi-vector attacks are the most complex type of DDoS attack, and they are on the rise. They use a combination of different DDoS attack tools and approaches which are merged together to halt the target. Cyber defenders should expect a proliferation of multi-vector attacks in the coming months.

Most disconcerting is the increased throughput of DDoS attacks, leading to greater downtime and damage for the victims.



Mar. 30.  ‘Mirai’ variant hits U.S. college with 54-hour-long DDoS attack.  Utilizes HTTP traffic as it maintains traffic flow of 30,000 requests per second.

Mar. 28.  South Korean Ministry of Foreign Affairs hit by Chinese DDoS attack as China continues to express displeasure with U.S. missile defense system.

Mar. 27.  DDoS attacks against K-12 schools becoming an increasing problem as several school districts have been severely affected in the past year.  State of Utah adopts cloud solution that utilizes Unicast Reverse-Path Forwarding.

Mar. 26.  Nexusguard reports that DNS was the leading method utilized for DDoS attacks in Q4 2016.  17,872,563 DNS queries for the domain cpsc.gov were the leading cause of malicious traffic.

Mar. 24.  In the spirit of entrepreneurship, crime lords offer customers ‘loyalty points.’  Some DDoS-for-hire services cost as little as $7 per hour.

Mar. 24.  Hawaiian Telcom implements cloud-based DDoS protection by deploying Secure Internet Protection.  Deployment due to 125% rise in DDoS activity since last year.

Mar. 21.  Website of Daphne Caruana Galizia DDoS’d and taken offline.  Galizia, sometimes referred to as a ‘one woman WikiLeaks’ suspects the perpetrator to be of Maltese origin.

Mar. 21.  Google delves into the election security realm as it partners with Jigsaw to guard against email phishing scams, such as the one suffered by John Podesta.  Creates new extension for Chrome called ‘Password Alert.’

Mar. 17.  Israel preparing for annual DDoS attack by Anonymous.  Annual attack takes place on April 7th.

Mar. 17.  Israeli law enforcement recommends indictment and prosecution of two 18-year-olds who started attack service known as vDOS.  vDOS allegedly caused $1.65 million in damage.

Mar. 15.  Dutch voting aid website Kieskompas taken down by DDoS attack.  Turkish hacking group suspected.

Mar. 15.  Akamai reports that the Taiwan high tech industry was targeted by record numbers of DDoS attacks last month.  Most source IP addresses in Taiwan.

Mar. 15.  President Trump calls for private sector war against botnets.  Trump wants telecom providers to be more involved in DDoS mitigation.

Mar. 15.  Due to the high availability of IoT devices, DDoS-for-hire has become an increasing problem.  Security researchers indicate that it’s as easy as going to an underground site, and asking for the Mirai scanner code to locate vulnerable IoT devices.

Mar. 13.  ID Ransomware service hit by DDoS attack by author of Enjey ransomware.  Creator of Enjey apparently angry over ID Ransomware’s ability to decrypt ransomware.

Mar. 10.  A10 Networks alleges that DDoS attacks from IoT devices are reaching ‘critical mass.’  Researchers discover 3,700 DDoS attacks per day.

Mar. 10.  South Korean conglomerate, Lotte, hit by various DDoS attacks over the past few weeks by Chinese hackers.  China angry over Lotte’s agreement to provide one of its golf courses as a site for the THAAD missile defense system.

Mar. 10.  New Linux vulnerability found in IoT devices exploits CGI bug.  DDoS attacks could be carried out when Linux is run on AVTECH or CCTV devices.

Mar. 9.  DASH digital currency comes under massive DDoS attack as price rallies to $51 per coin.  Close to 500 masternodes taken offline.

Mar. 9.  Financial Conduct Authority reports DDoS attack against wealth management firms.  

Mar. 7.  Nexusguard unveils industry-first software-defined cloud DDoS mitigation platform.  Agile routing platform key to mitigating DDoS attacks.

Mar. 3.  Epoch Media Group’s New York Headquarters hit by DDoS attack originating from China after publishing a series regarding human rights violations in China.  

Mar. 1.  Malware behind Necurs botnet now capable of executing DDoS attacks.  Formerly, Necurs distributed Locky ransomware.  Has since diversified its portfolio.


Feb. 28.  Luxembourg’s national IT infrastructure taken down by massive DDoS attack.  Systems were affected for approximately 24 hours.  Motive behind the attack unknown.

Feb. 27.  In terms of sheer numbers, the U.S. ranks as the No. 1 source of DDoS attacks.  According to Akamai, the U.S. accounted for 24 percent of the world’s DDoS attacks in the last quarter of 2016.

Feb. 22.  Bitcoin trading website, Bitfinex, hit by massive DDoS attack that adversely affected the website for about an hour before it was mitigated.  API was trending closer to an all-time high before DDoS occurred.

Feb. 10.  Verizon states that an unnamed university was the victim of a DDoS attack that originated from its own IoT devices.  Excessive amounts of DNS lookups resulted in severe network degradation.

Feb. 7.  Austrian Parliament website taken down for 20 minutes by DDoS attack.  Turkish hacking group suspected.  Type of malware not commented on.

Feb. 6.  Over 10,000 nodes knocked off the Dark Web as Anonymous hacker DDoS’s child porn site.

Feb. 3.  Hacking made great again as Trump Hotel’s website suffers DDoS attack as evidenced by Cloudflare protection notification upon accessing the site.

Feb. 3.  PlayStation Network taken down by DDoS attack.  Hacking group known as Lizard Squad takes credit for attack.

Feb. 3.  Users of Kodi may have unwittingly been party to a DDoS attack by utilizing Exodus add-on.  Creator of malicious code known as Lambda.

Feb. 3. After years of dormancy, SQL Slammer is experiencing a resurgence.  Check Point Software Technologies reports a major uptick in activity.


Jan. 31.  Sonic customers taken offline as telecom provider is hit by a DDoS attack.  Attack lasted about 3 hours before attack was mitigated.

Jan. 30.  Emsisoft hit by 80 Gbps DDoS attack.  Company claims site successfully withstood attack.  Merry Christmas ransomware suspected as the root cause.

Jan. 26.  Securities brokers in Hong Kong hit by DDoS attack.  Securities regulators stepping up efforts to mitigate.

Jan. 26.  Russian National Guard claims that their website was hit by major DDoS attack.  Mitigation underway.

Jan. 23.  Lloyds Banking Group hit by massive, two-day-long DDoS attack.  Attack only affected availability of service; it is not suspected that any individual experienced financial loss.

Jan. 23.  Cyber security expert claims that Rutgers University student is the creator of ‘Mirai’ botnet.  Student earns extra credit by being the subject of an FBI investigation.

Jan. 19.  Founder of Protestor.io attempts to organize DDoS attack for Inauguration Day by calling for DDoS against whitehouse.gov.  

Jan. 18.  Brian Krebs alleges that the infamous ‘Mirai’ botnet may have started via fighting Minecraft servers.  Fight may have begun over individuals competing for business as they sold Minecraft server space.

Jan. 9.  Hosting website 123-reg hit by another DDoS attack as customers are unable to access email accounts.  Third major DDoS attack against company in 6 months.

Jan. 9.  National Union of Journalists of the Philippines website taken offline due to DoS attack.  Investigation underway.

Jan. 8.  Drudge Report victimized by largest DDoS attack since its inception.  No one can seem to figure out who did it.

Jan. 4.  Imperva claims to have mitigated a DDoS attack measured at 650 Gbps.  Claims the DDoS had nothing to do with ‘Mirai’, and will probably set the tone for future DDoS attacks to be much worse.  New malware known as Leet malware.

Stay tuned for the Q2 2017 edition of the DDoS Diary.

Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.


© 2016-2017 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.