All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
Cyber attacks, especially DDoS attacks, can disrupt services and leave us frustrated. Have you ever visited a website only to see it was down? It could very well be the victim of a DDoS attack aimed at crashing the servers.
We normally think of cybercrime as a ransomware attack trying to steal our personal data for the dark web. Instead, everything from video games to supply chains to essential government systems have been victims of a DDoS attack, but what are they? And how often do they occur?
Biggest DDoS attacks in 2022
What is a DDoS attack?
A distributed denial-of-service (DDoS) attack happens when an attacker bombards a server with fraudulent requests in an attempt to overwhelm and disable that server.
Think of the server as a castle, the cybersecurity software as the gate around the castle, and the DDoS attack as an army attacking the castle. The larger and stronger the army, and the longer they’re able to attack the gates, the more likely they are to break through them and destroy the castle.
DDoS attacks are almost impossible to prevent and difficult to defend against. The reason for their ferocity is in the sheer size of them. A request-per-second, or data packet, indicates a single request to the server. So when you see an attack such as the one on GitHub in 2018, with 120 million data packets per second, it might be difficult to comprehend.
When you type in a website address, that is a single data packet. Now think of 120 million bots every single second trying to access the website. The bot army creates too much information for the server to process, and the website goes down. Luckily, GitHub was able to survive the attack.
Kaspersky reported in Q3 of 2022, DDoS attacks rose by 47.87% from Q3 of 2021. Information is not yet available for Q4. We don’t, however, need to see the evidence of DDoS attacks in Q4 to know they will have risen even more. It’s a trend that doesn’t seem to be stopping or slowing down.
According to a study done by the Ponemon Institute and IBM, the cost of a data breach in the U.S. in 2022 was, on average, $9.44 million. An average attack now takes about 277 days to identify and contain. This can cripple or even destroy a business that relies mostly on the internet to function.
Arts & Entertainment sites used to bear the brunt of DDoS attacks, but Russia’s attack on Ukraine changed that landscape. Media outlets are now the prime targets of Hacktivist groups. Hacktivist groups continue to target financial institutions, corporate environments, the health care industry, and other gatekeepers of sensitive data.
The use of a virtual private network (VPN) and good cybersecurity practices can help fight against DDoS attacks. Although most of these attacks are focused at large-scale governments and businesses, you can be hacked and used as part of a botnet army. Using the best cybersecurity software available will help protect your devices from being used for nefarious purposes. Additionally, be wary of social engineering scams, such as phishing attacks that allow cybercriminals to deposit malware onto your device.
Biggest DDoS attacks in 2022
It may be difficult to pinpoint the full scope of DDoS attacks. The stigma around being the victim of a cyber attack is still strong. Customer data such as Social Security numbers and credit card information can’t be recouped even after a thorough incident response. Businesses often see a dip in stock prices, new customer acquisition, or customer retention after disclosing a data leak.
Government service providers tend to be more transparent. With guides from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) setting the standards for government agencies and their computer systems, it’s evident the best minds are at work protecting sensitive information from hackers.
That said, here are some of the more notable attacks of 2022:
Without disclosing who, the company Cloudflare listed cybersecurity threats, security incidents, and cyber incidents it mitigated for its clients. One in April 2022 and another in June 2022. The April attack recorded around 15.3 million requests per second, one of the largest ever reported. By June, however, the client was defending against a 26 million request-per-second attack.
Google Cloud Armor Customer
A Google Cloud Armor customer suffered a DDoS attack in June 2022. Cloud Armor notified the customer in the earliest parts of the attack, and it was able to defend against the 46 million request-per-second assault by the time it ramped up to its full power. This particular DDoS attack utilized more than 5,000 IP addresses in 132 countries.
In September 2022, gamers noticed an inability to play streaming games, such as “World of Warcraft,” “Call of Duty,” and “Overwatch.” Activision Blizzard used social media to let customers know they were under a DDoS attack and that servers were down. The outage lasted three-and-a-half hours from when Activision Blizzard first tweeted about a server issue until the servers were back up and gamers were able to access the games again.
After removing Soviet-era memorials, many public and private sector agencies suffered multiple DDoS attacks. In August 2022, Russian hacking group Killnet claimed responsibility for the attacks launched at more than 200 Estonian institutions. The Russian government openly admonished Estonia for the removal of the memorials.
In July 2022, the Albanian government shut down most of its websites in an attempt to stop a full-blown DDoS attack. A few months earlier, the government had moved most public sector services online. Microsoft was part of the team that helped shut down websites in an effort to prevent a full overload of the government’s servers by the attackers. The attacks were suspected to have been a state-sponsored effort launched by Iranian threat actors.
Unsurprisingly, the Ukraine has been under a constant barrage of attacks leading up to and since the Russian invasion in February 2022. The U.S. state department along with allies and partners openly condemned the Russian invasion, both physically and digitally. As the war continues on the ground, so does the attack against Ukrainian cyber systems in both the government and private sectors.
In response to the war in Ukraine, Russia has seen an unprecedented number of DDoS attacks on its government and private sectors. The ISP’s experts identified more than 21 million attacks aimed at around 600 Russian organizations. Moscow was the area hit the hardest with large attacks lodged at banks and other vital institutions. The Ukrainian IT army claimed responsibility for one attack that disrupted the distribution of alcohol in Russia.
The United States
In the second quarter of 2022 (April-June), Kaspersky noted that the U.S. incurred 43.25% of all DDoS attacks launched worldwide. This was more than any other country. The pro-Russian group Killnet, also claiming responsibility for the attacks in Estonia, were able to successfully attack the U.S. Federal Tax Payment system site, and caused it to shut down for several hours.
What is the most famous DDoS attack?
The most famous DDoS attack was on GitHub in 2018. The attacker sent 120 million data packets per second to try to overwhelm and crash the servers using a memcache approach rather than a botnet. GitHub was able to survive.
Do DDoS attacks still happen?
Yes, DDoS attacks still happen, in fact, they’re on the rise. DDoS attacks in 2022 not only increased but also lasted longer. In 2021, the average attack lasted 30 minutes. By the same time in 2022, DDoS attack length rose to an average of 50 hours.
Are cyberattacks on the rise?
Yes, cyberattacks are on the rise. Since the onset of the COVID-19 pandemic in March 2020, cyber attacks have risen 600% with an estimated cost of $8 trillion dollars in damages by the end of 2023.
The year 2022 saw a significant increase in the frequency and severity of DDoS attacks. The top eight attacks listed here were particularly noteworthy for their scale and impact. From major financial institutions in Russia to government websites worldwide, no industry was immune to the disruption caused by the security breaches.
As the world becomes increasingly reliant on technology, the threat of DDoS attacks will continue to grow. Their use as political weapons became prevalent in 2022 with the Russian attack on Ukraine, and there’s no sign they’ll slow down. Although it seems like a problem that doesn’t affect you, even your computer can be used as a soldier in these online armies. Staying safe online will help you avoid being an unwilling attacker. By staying vigilant and proactive, we can help ensure a safer and more secure online experience for everyone.