It is being called the largest DDoS attack in history (although I suspect that will be a record broken soon enough) and millions of innocent Internet users were affected. ComputerWorld does a good job explaining the attacks:
“The Spamhaus attacks involved traffic volumes that reached a staggering 300Gbps — said to be three times larger than the largest DDoS traffic seen to date and magnitudes greater than the traffic involved in a majority of past denial of service attacks.
“The perpetrators behind the attack employed the well-known but infrequently used method DNS reflection to generate the huge stream of DDoS traffic directed against Spamhaus.”
The attacks targeted The Spamhaus Project, a European anti-spam organization, and the likely intent was to end the organization’s spam-blocking service. According to CNN, Spamhaus has had a long feud with a company called CyberBunker, a data-storage group that hosts almost any type of data, including spam. There is some speculation that CyberBunker is responsible for orchestrating the DDoS attack, although the company denies any involvement.
While it does matter who carried out the attack, I think it is more important to understand why groups are focusing on DDoS attacks and what organizations can do to protect themselves. As Tom Cross, research director at Lancope, told me in an email, the attack against Spamhaus is yet another incident in an ongoing trend, and we can only expect DDoS attacks to become larger and more frequent. Also, emerging technologies like Secure DNS, Voice over IP, and Video on Demand may only make the DDoS problem worse. Cross agreed with my point that it is time for businesses and other organizations to step up their protection against attacks, telling me:
“Every organization with an Internet presence should have a plan in place for responding to DDoS attacks. The time to develop a plan for reacting to these attacks is not the day that your organization is targeted. You need to be prepared well in advance. There are several different kinds of DDoS attacks that networks can experience, including massive floods of traffic of the sort seen here, as well as more precise attacks that target specific application weaknesses. Different mitigation techniques are required for these different attack classes.”
Organizations must assess how their infrastructure could be affected by different kinds of DDoS attacks, Cross added, and develop detection and response strategies for each class of attack.
Last October, I predicted that DDoS attacks were going to be one of the top threats of 2013. If the Spamhaus incident is just the tip of the iceberg of how big these attacks can get, I will amend that to DDoS attacks being the threat of 2013.