All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
The year 2022 saw a significant increase in the frequency and severity of DDoS attacks. The top eight attacks listed here were noteworthy for their scale and impact. From major financial institutions in Russia to government websites worldwide, no industry was immune to the disruption caused by the security breaches.
Everything from video games to supply chains to essential government systems has been a victim of a DDoS attack. But what are DDoS attacks, how often do they occur, and how can you protect your devices from joining the botnet army?
What is a DDoS attack?
A distributed denial-of-service (DDoS) attack happens when an attacker bombards a server with fraudulent requests to overwhelm and disable that server.
Think of the server as a castle, the cybersecurity software as the gate around the castle, and the DDoS attack as an army attacking the castle. The larger and stronger the army, and the longer they can attack the gates, the more likely they are to break through them and destroy the castle.
DDoS attacks are almost impossible to prevent and difficult to defend against. The reason for their ferocity is their sheer size of them. A request-per-second, or data packet, indicates a single request to the server. So when you see an attack such as the one on GitHub in 2018, with 120 million data packets per second, it might be difficult to comprehend.
When you type in a website address, that is a single data packet. Now, think of 120 million bots trying to access the website every single second. The bot army creates too much information for the server to process, and the website goes down. Luckily, GitHub survived the attack.
Arts and entertainment sites used to bear the brunt of DDoS attacks, but Russia’s attack on Ukraine changed that landscape. Media outlets are now the prime targets of Hacktivist groups, which continue to target financial institutions, corporate environments, the healthcare industry, and other gatekeepers of sensitive data.
Using a virtual private network and good cybersecurity practices can help fight against DDoS attacks. Although most of these attacks are focused on large-scale governments and businesses, you can be hacked and used as part of a botnet army. Using the best cybersecurity software available can help protect your devices from being used for nefarious purposes.
Recommended antivirus software bundled with a VPN
Antivirus | ||||
Best for | Best overall antivirus software | All-in-one software | Comprehensive security | Best value |
Starting price | $29.00/yr (first year only) | $35.99/first yr | $29.99/first yr | $3.19/mo (billed annually) |
Features | Zero-day scans, anti-phishing, ransomware protection, password manager, ad blocker, TotalVPN | Antivirus protection, VPN, password manager, security for multiple devices | Antivirus, malware, ransomware, and hacking protection, cloud backup, password manager, Norton Secure VPN | Antivirus protection, Surfshark VPN, private search engine, data leak alerts, ad blocker |
Learn more | Get TotalAV | Get Aura | Get Norton360 Antivirus | Get Surfshark Antivirus |
Biggest DDoS attacks of 2022
It may be difficult to pinpoint the full scope of DDoS attacks. The stigma around being a cyberattack victim is still strong. Customer data such as Social Security numbers and credit card information can’t be recouped even after a thorough incident response. After disclosing a data leak, businesses often see a dip in stock prices, new customer acquisition, or customer retention.
Government service providers tend to be more transparent. With guides from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) setting the standards for government agencies and their computer systems, it’s evident the best minds are at work protecting sensitive information from hackers.
1. Cloudflare Clients
Without disclosing who, the company Cloudflare listed cybersecurity threats, security incidents, and cyber incidents it mitigated for its clients. One in April 2022 and another in June 2022. The April attack recorded around 15.3 million requests per second, one of the largest ever reported. By June, however, the client was defending against a 26 million request-per-second attack.
2. Google Cloud Armor Customer
A Google Cloud Armor customer suffered a DDoS attack in June 2022. Cloud Armor notified the customer in the earliest parts of the attack, and it could defend against the 46 million request-per-second assault by the time it ramped up to its full power. This particular DDoS attack utilized more than 5,000 IP addresses in 132 countries.
3. Activision Blizzard
In September 2022, gamers noticed an inability to play streaming games, such as “World of Warcraft,” “Call of Duty,” and “Overwatch.” Activision Blizzard used social media to let customers know they were under a DDoS attack and that servers were down. The outage lasted three-and-a-half hours from when Activision Blizzard first tweeted about a server issue until the servers were back up and gamers could access the games again.
4. Estonia
After removing Soviet-era memorials, many public and private sector agencies suffered multiple DDoS attacks. In August 2022, Russian hacking group Killnet claimed responsibility for the attacks launched at more than 200 Estonian institutions. The Russian government openly admonished Estonia for removing the memorials.
5. Albanian Government
In July 2022, the Albanian government shut down most of its websites to stop a full-blown DDoS attack. A few months earlier, the government had moved most public sector services online. Microsoft was part of the team that helped shut down websites in an effort to prevent the attackers from overloading the government’s servers. The attacks were suspected to have been a state-sponsored effort launched by Iranian threat actors.
6. Ukraine
Unsurprisingly, Ukraine has been under a constant barrage of attacks leading up to and since the Russian invasion in February 2022. The U.S. State Department, along with allies and partners, openly condemned the Russian invasion, both physically and digitally. As the war continues on the ground, so does the attack against Ukrainian cyber systems in both the government and private sectors.
7. Russia
In response to the war in Ukraine, Russia has seen an unprecedented number of DDoS attacks on its government and private sectors. The ISP’s experts identified over 21 million attacks aimed at around 600 Russian organizations. Moscow was the area hit the hardest, with large attacks lodged at banks and other vital institutions. The Ukrainian IT army claimed responsibility for one attack that disrupted the distribution of alcohol in Russia.
8. The United States
In the second quarter of 2022 (April-June), Kaspersky noted that the U.S. incurred 43.25% of all DDoS attacks launched worldwide, more than any other country. The pro-Russian group Killnet, also claiming responsibility for the attacks in Estonia, successfully attacked the U.S. Federal Tax Payment system site and caused it to shut down for several hours.
FAQs
What is the most famous DDoS attack?
The most famous DDoS attack was on GitHub in 2018. The attacker sent 120 million data packets per second to try to overwhelm and crash the servers using a memcache approach rather than a botnet. GitHub was able to survive.
Do DDoS attacks still happen?
Yes, DDoS attacks still happen, in fact, they’re on the rise. DDoS attacks in 2022 not only increased but also lasted longer. In 2021, the average attack lasted 30 minutes. By the same time in 2022, DDoS attack length rose to an average of 50 hours.
Are cyberattacks on the rise?
Yes, cyberattacks are on the rise. Since the onset of the COVID-19 pandemic in March 2020, cyber attacks have risen 600%, with an estimated cost of $8 trillion dollars in damages by the end of 2023.
Bottom line
As the world increasingly relies on technology, the threat of DDoS attacks will continue to grow. Their use as political weapons became prevalent in 2022 with the Russian attack on Ukraine, and there’s no sign they’ll slow down. Although it seems like a problem that doesn’t affect you, even your computer can be used as a soldier in these online armies. Securing your devices with a VPN and antivirus bundle will help you avoid being an unwilling attacker.
By staying vigilant and proactive, we can help ensure everyone a safer and more secure online experience.