Rio Olympics was a perfect time for the rise of DDoS attacks, Anonymous promised that during the Olympics, DDoS attacks will spike, and they delivered. The biggest one peaked at 540 Gbps.
Telemetry data from Arbor Networks, a network security company reported that during two weeks, DDoS attacks reached an all-time high with average daily attacks reaching 500 Gbps. The biggest one spiked at 540 Gbps, not far from the highest one ever recorded, which spiked at 579 Gbps, also detected by Arbor networks during June 2016.
Just look at the chart below, showing DDoS attack during the last 12 months. As soon as Rio Olympics started, a massive spike was detected, pushing DDoS attack activity to the stratosphere.
The biggest portion of attacks came as a result of a hacktivism campaign started by Anonymous, with a self-explanatory hashtag #OpOlympicHacking. The campaign even led to the creation of a special Windows app which, once installed, allowed users to participate in the campaign by allowing their PCs to borrow their resources and bandwidth. Something of a hacking Olympics, and by the looks of it, Anonymous should’ve received a gold medal.
The fact that many Brazilians were against Olympics just pushed forward the campaign, since many people in Brazil supported the campaign, and let us not forget that Brazil has a population of more than 200 million. This isn’t new since Brazilians were against the 2014 World Cup, and when 2016 Olympics came close they wanted to show their displeasure with government’s decision to spend massive amounts of money into organizing the two events, while many people in Brazil are living in poverty, not to talk about Brazil’s poor healthcare and education systems.
Arbor Networks reported that most of the attacks were carried out with the help of DDoS botnets, using LizardStresser. LizardStresser is an open-source DDoSing tool sourced and released last year by Lizard Squad. Although LizardStresser isn’t able to launch reflection DDoS attacks, Arbor reported that reflection attacks were present, but they were carried out by other types of botnets.
According to Arbor, a large portion of the attacks comprised out of reflection attack vectors, such as NTP, SSDP, Chargen, and DNS. Aside from application-layer attacks against DNS and Web servers, a classic packet attacks were also organized, using UDP and TCP SYN packets.
Generic Routing Encapsulation (GRE) protocol was also used for Rio DDoS attacks. The main attack targets were organizations connected to the Olympics, with hackers launching DDoS attacks even before Olympics officially started.