MIT Network Under Frequent DDoS Assault: Report

MIT Hit By More Than 35 DDoS Attacks So Far This Year

Since the beginning of the year, the MIT (Massachusetts Institute of Technology) network has been assaulted at least 35 times by distributed denial of service (DDoS) attacks, Akamai reveals.

According to a new report from the Akamai SIRT (Security Intelligence Response Team), these DDoS campaigns have been aimed at different targets within MIT, and roughly 43% of the attacks leveraged DDoS reflection and amplification methods. Attackers targeted multiple destination IPs within the MIT network during these incidents and used a combination of devices to launch the attacks, Akamai said.

Authored by Wilber Mejia, Akamai SIRT, the case study (PDF) reveals that 14 unique floods were used in these DDoS campaigns, namely ACK, CHARGEN, DNS, GET, ICMP, NTP, NETBIOS, RESERVE protocol, SNMP, SSDP, SYN, TCP anomaly, UDP, and UDP FRAGMENT floods. The devices used to launch these attacks were vulnerable to reflection abuse and spoofed IP sources.

The largest of the attacks peaked at 295 Gbps (gigabits per second) and consisted of only a UDP flood signature that researchers believe to be a variant of the STD/Kaiten malware. The attack topped 58.6 million packets per second and used a combination of UDP Flood, UDP Fragment, and DNS Flood attack vectors. Another large incident peaked at 89.35 Gbps using the same combination of attack vectors.

“These attack types have commonly been included in sites offering so-called booter or stressor services,” Mejia notes in the case study. UDP and DNS reflection attack vectors were used to generate the most attack traffic from the investigated campaigns, the researcher reveals.

The report also mentions that the reflectors used in these attacks are not necessarily owned or acquired by the malicious actors, but that they are rather abused in these incidents. The reflectors used in the attacks against MIT were mainly located in China, but researchers observed a total of 18,825 unique sources of reflectors around the world during the MIT attacks.

The case study also reveals that Xor DDoS botnet attacks were persistent across these campaigns, but they did not produce the largest amount of malicious traffic against MIT. This type of attack is accessible to a much larger population of malicious actors, it seems.

“The fact is almost anyone with motivation and enough knowledge to determine the IP of their target can launch these attacks at low cost. A recent look at a pricing of popular sites offering DDoS ‘stresser’ services show this can be performed for as little as 19.99/month,” Mejia explains.

During the first quarter of this year, Akamai observed a record number of DDoS attacks (19) larger than 100 Gbps, and revealed at the beginning of June that attackers had also started to leverage TFTP (Trivial File Transfer Protocol) for reflection and amplification. In June, Imperva researchers observed a 470 Gbps incident that leveraged no fewer than nine different payload (packet) types.
