Google says the company addressed a Distributed Denial of Service (DDoS) attack from several Chinese ISPs in 2017, which remains the largest bandwidth attack known to date. Security researchers see different types of attacks being used for different purposes. DDoS attacks, for instance, disrupt or block sites or online services. Although government-backed threat groups are less likely to perform DDoS attacks, Google has seen hacking groups increase their capabilities in launching large-scale DDoS attacks in recent years.
Google on DDoS attacks
“In 2017, our Security Reliability Engineering team measured a record-breaking UDP amplification attack sourced out of several Chinese ISPs (ASNs 4134, 4837, 58453, and 9394), which remains the largest bandwidth attack of which we are aware,” said Shane Huntley, Director of Threat Analysis Group at Google.
A coordinated approach is of paramount importance when it comes to addressing large-scale state-sponsored DDoS attacks. Google has been working with partners that help the search giant identify and cripple the infrastructure used to conduct DDoS attacks. The company says it will improve its efforts to make DDoS activity known to the public through various sources without disclosing confidential information to malicious actors.
A few months ago, Google reported phishing attempts against the Biden and Trump presidential campaigns by Chinese and Iranian APTs, who targeted the personal email accounts of campaign staffers with credential phishing emails and emails containing tracking links. Recently, a similar Microsoft report raised concerns over international hacking groups from Russia, China, and Iran ‘targeting’ American politicians ahead of the presidential election this year.
Last month, security researchers at Imperva released a report that revealed DDoS attacks motivated by financial gain are on the rise. In one instance the researchers observed, a company’s entire network suffered a DDoS attack. In this attack, threat actors initially demanded a ransom of 30 bitcoin, worth approximately $328,000.
Attackers later went on to demand an additional 10 bitcoin, worth approximately $110,000, for each day the ransom remained unpaid. Threat actors further threatened to carry out another DDoS attack on the company’s main IP address to prove the ‘DDoS attack’ in question wasn’t a hoax.