Year in Review: Top DDoS Attacks In 2020


Since the COVID-19 pandemic started spreading across the world in the first quarter of 2020, a lot of day-to-day activities like shopping, work, food delivery, learning, and recreation have moved online. There has also been increased internet usage as people search for information regarding COVID-19. This shift to online activities has made government, health, media, retail, and other essential services websites an attractive target for DDoS attackers.

DDoS attacks have grown not only in size but also in scale and sophistication. The most common attack types include application-layer attacks, burst attacks, protocol attacks, volume-based attacks, Advanced Persistent DoS (APDoS), DNS Water Torture attacks, SSL-based cyber attacks, Permanent Denial of Service (PDoS), and IoT botnets.

In this article, we will look at the major DDoS attacks that have happened in 2020 in various parts of the world. 

Major DDoS attacks in Q1 of 2020

The first quarter of 2020 was characterized by faster, shorter, and more destructive complex DDoS attacks.

Kicking off the year, we saw politically motivated attacks in Greece in mid-January. Websites of government agencies and emergency services suffered two DDoS attempts. Some websites belonging to the prime minister, the police, the fire service, and some ministries were temporarily taken down. Anka Neferler Tim, a Turkish hacker group, claimed responsibility for the initial attack, but the perpetrators of the second attack are yet to be known.

In mid-March, there were attempts to disable the website of the US Department of Health and Human Services (HHS). The aim was to deny US citizens access to official information regarding the COVID-19 pandemic and government guidelines. This attack happened concurrently with a social media misinformation spree about a nationwide quarantine in the US. This attempt failed, however, and the HHS website continued functioning despite the heavy traffic.

On March 22, another health-related attack targeted the Paris-based group of hospitals Assistance Publique-Hôpitaux de Paris. The attack aimed at taking down the organization’s entire infrastructure. This didn’t work, but employees working remotely were unable to access corporate email and apps for some time.

On March 18, two food delivery companies (Lieferando in Germany and Thuisbezorgd in the Netherlands) suffered a DDoS attack. The companies were able to take orders, but processing the orders was impossible during the attacks, forcing them to refund their customers. The attackers targeting Lieferando asked for 2 BTC (over $13,000 USD) to stop the DDoS. The company’s CEO stated they did not pay the ransom.

Online games were not spared either in this first quarter of 2020. A DDoS attack targeted the online gaming platforms Eve Online and Battle.net in late January. The attack on Eve Online was so vicious that it went on for nine days before it could be resolved.

On March 16, the German distance learning platform was launching its very first remote school day when it suffered a DDoS attack. The service allows teachers and schoolchildren in the federal state of Bavaria to exchange homework, learning materials, and tests. It went down for several hours. Speculation has it that the attack could have been launched by a not-so-enthusiastic Bavarian student.

Major DDoS attacks in Q2 of 2020

The major social-political events that characterized Q1 of 2020 heavily influenced DDoS attacks in Q2. There was a surge in attacks against US human rights organizations, with almost 1120 attacks at the end of May. These attacks went hand in hand with protests going on in the US at the time. The other side of the ongoing conflict was not spared, with DDoS attacks aimed at the Minnesota State Information Technology Services and the Minneapolis Police. Several tweets alleged that Anonymous hacktivists who wanted to expose police crimes were behind the attack. The group, however, did not claim responsibility.

In June, Russia was preparing to hold a multi-day vote for a constitutional amendment. The preparations attracted DDoS attacks, with an attack on the Central Election Commission (CEC) a day after voting began, followed by an attack on the online voting service. While the operation was not disrupted, the site suffered outages as the voting started. The CEC spokesperson said that the overwhelming traffic was coming from Singapore and Great Britain.

Meanwhile, an independent social and political news outlet, Belarus Partisan, was attacked. A spokeswoman said the publication’s portal was flooded by foreign traffic sources before local sources joined. The publication had to change its website’s IP address to avert the attacks.

In a case of poetic justice, the American company Cloudflare, whose CDN services are aimed at protecting against DDoS attacks, suffered an attack on June 18. The attack, which lasted four days, peaked at 754 million packets per second. This traffic was coming from more than 316,000 IP addresses targeting one Cloudflare IP address usually used for customers on free plans. The attackers, however, failed to overload routers and other devices in its data center.

DDoS attacks in Q3 of 2020

Q3 of 2020 was relatively uneventful, as there were no headline innovations from a DDoS perspective. However, cybercriminals continued to master techniques and launch DDoS attacks.

The most newsworthy DDoS attacks involved extortion by attackers known to hide behind various APT group names such as Armada Collective, FancyBear, and Lazarus. The attackers sent ransom emails around the world, demanding anywhere from 5 BTC to 20 BTC with threats of DDoS attacks in case of non-payment. Several organizations in New Zealand were targeted by these hacker groups in August and early September. The New Zealand Stock Exchange (NZX) was one of the victims, and it went offline for several days. Other victims were PayPal, Braintree, Indian bank Yes Bank, and other financial institutions. That was followed by another wave of attacks on several European ISPs, accompanied by Bitcoin ransom demands. It is, however, not clear if the attacks were from the same group.

Hungarian telecommunications and financial companies were also hit hard by a big DDoS attack at the end of September. Magyar Telekom reported that this wave of junk traffic originated from China, Russia, and Vietnam. These attacks were accompanied by ransom demands as well.

There was a series of DDoS attacks on public flight-tracking services in late September. Affected services included UK platform Plane Finder and Sweden’s Flightradar24, which monitor real-time air traffic. These are high-demand services for both media and players in the aviation space. The services, therefore, had to go on operating as the attacks were mitigated. Flightradar, for example, tweeted that they had been attacked thrice in a very short time. FlightAware, a US company, also reported service interruptions but didn’t confirm whether they were due to system malfunctions or an attack.

Q3 of 2020 didn’t spare media organizations from DDoS attacks. Dozhd, a Russian TV station, announced that it had suffered an attack on August 24. The attackers tried to take news resources offline during both daytime and evening broadcasts. In early September, news agency Ugrapro was attacked as well, with junk traffic coming from Russia and other territories at a rate of more than 5,000 packets per second. News portals Sputnik Armenia and Chronicles of Turkmenistan also reported attacks on their sites in late September.

What to expect in Q4 of 2020?

It should be interesting to see what this last quarter of the year holds. The US elections have just taken place, and there had been predictions that DDoS attacks could escalate over the next few weeks. In October alone, there have been 18.4 million records of data breaches and cyber-attacks, which makes the month the leakiest yet in 2020. We are headed into the Christmas and New Year season, a season of sales frenzy, and it is predicted that eCommerce giants might be susceptible to DDoS attacks. This has been an extraordinary year, and it won’t be a surprise if DDoS attacks are more prominent than in the last quarters of the past few years.

Final word

At no time has the word “unprecedented” been used as much as it has in 2020. It aptly describes the unforeseen number and complexity of DDoS attacks that have been targeted at various industries. From the major attacks described above, it is clear that attackers have especially targeted COVID-19-related lifelines such as eCommerce, education, media, government services, and human rights organizations.