
"…[S]everal organizations affiliated with the Olympics… [came] under large-scale volumetric DDoS attacks ranging from the tens of gigabits/sec up into the hundreds of gigabits/sec. A large proportion of the attack volume consisted of UDP reflection/amplification attack vectors such as DNS, chargen, ntp, and SSDP, along with direct UDP packet-flooding, SYN-flooding, and application-layer attacks targeting Web and DNS services."

A DDoS-for-hire service known as LizardStresser staged most of the pre-Olympic attacks. LizardStresser is the booter Lizard Squad launched shortly after its Christmas 2014 takedown of Xbox Live and PlayStation Network; in its current form it is driven by an Internet of Things (IoT) botnet, and not the first of its kind. Perhaps because of that notoriety, someone hacked LizardStresser just a few weeks after its 2015 debut and leaked the unencrypted login credentials of more than 14,000 registered users. Once the Games were under way, LizardStresser and a few other botnets ramped up their attacks on Olympics-affiliated organizations. The campaign also carried attack traffic over Generic Routing Encapsulation (GRE, IP protocol 47), a tunnelling protocol that many DDoS defenders had not seen used as a flood vector.

"As most (not all) UDP reflection/amplification attacks tend to target UDP/80 or UDP/443 in order to confuse defenders who might not notice that the attackers are using UDP instead of TCP (TCP/80 is typically used for non-encrypted Web servers, and TCP/443 for SSL-/TLS-encrypted Web servers), we believe the attackers were attempting to masquerade an attack on the BGP routing protocol used to weave Internet-connected networks together."

The ploy did not fool the Brazilian and other information security personnel responsible for the Rio Games' online presence. They had done their homework on the systems they were defending and deployed DDoS countermeasures across the Games' network before the attacks arrived. With those mitigation services in place, Brazil and the International Olympic Committee (IOC) kept the systems up and running despite attack traffic that peaked at 540 Gb/sec.
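
The vectors the Arbor excerpt names (UDP reflection from DNS, chargen, NTP and SSDP landing on UDP/80 and UDP/443, direct UDP floods, SYN floods and GRE) can be told apart in flow telemetry by protocol, port and TCP flags alone, which is the check that stops a port-only dashboard from filing a reflected flood under "web traffic". The Python below is an added example written for this page, not code from Arbor, the IOC or the original author; it assumes a hypothetical key=value flow-export format, and the sample records and their byte counts are constructed, not real Olympics telemetry.

```python
"""Classify flow records by the DDoS vectors named in the Arbor excerpt.
Added example, not code from Arbor, the IOC or the article author.
Assumes a hypothetical key=value flow-export format constructed here."""
from collections import defaultdict

PROTO_TCP, PROTO_UDP, PROTO_GRE = 6, 17, 47
WEB_PORTS = {80, 443}
# UDP services the excerpt names as reflection/amplification vectors, keyed by
# the source port their reflected replies arrive from.
REFLECTORS = {53: "dns", 19: "chargen", 123: "ntp", 1900: "ssdp"}

# Constructed sample flow records (hypothetical format, made-up volumes).
SAMPLE_FLOWS = """\
proto=17 sport=53 dport=80 flags=- pkts=900000 bytes=1200000000
proto=17 sport=1900 dport=443 flags=- pkts=400000 bytes=130000000
proto=17 sport=123 dport=80 flags=- pkts=250000 bytes=120000000
proto=17 sport=19 dport=80 flags=- pkts=120000 bytes=120000000
proto=17 sport=40212 dport=53 flags=- pkts=300000 bytes=18000000
proto=6 sport=51234 dport=443 flags=S pkts=2000000 bytes=120000000
proto=47 sport=0 dport=0 flags=- pkts=600000 bytes=800000000
proto=6 sport=52001 dport=443 flags=SA pkts=40 bytes=52000
""".splitlines()


def parse_flow(line: str) -> dict:
    """Parse one key=value record into a dict with integer numeric fields."""
    rec = dict(kv.split("=", 1) for kv in line.split())
    for key in ("proto", "sport", "dport", "pkts", "bytes"):
        rec[key] = int(rec[key])
    return rec


def classify(rec: dict) -> str:
    """Name the vector a single flow most resembles, per the excerpt's taxonomy."""
    if rec["proto"] == PROTO_GRE:
        # GRE carries no ports; any volume of it from many sources is a flood.
        return "gre-flood"
    if rec["proto"] == PROTO_UDP:
        if rec["sport"] in REFLECTORS:
            tag = f"udp-reflection:{REFLECTORS[rec['sport']]}"
            # Replies landing on UDP/80 or UDP/443 are the masquerade the
            # excerpt describes: the spoofed request carried sport 80/443, so
            # the amplified reply arrives on a port defenders read as 'web'.
            if rec["dport"] in WEB_PORTS:
                tag += ":web-port-masquerade"
            return tag
        return "udp-flood"
    if rec["proto"] == PROTO_TCP and rec["flags"] == "S":
        # Bare SYNs with no ACK ever seen: half-open handshakes, the SYN-flood
        # signature. A flow with SYN+ACK ("SA") completed the handshake.
        return "syn-flood"
    return "other"


def summarize(lines) -> dict:
    """Bytes per vector: the excerpt's 'large proportion of attack volume' in numbers."""
    by_vector = defaultdict(int)
    for line in lines:
        rec = parse_flow(line)
        by_vector[classify(rec)] += rec["bytes"]
    return dict(by_vector)


def masqueraded_fraction(lines) -> float:
    """Fraction of all bytes that are reflected UDP aimed at the web ports."""
    total = masked = 0
    for line in lines:
        rec = parse_flow(line)
        total += rec["bytes"]
        if classify(rec).endswith("web-port-masquerade"):
            masked += rec["bytes"]
    return masked / total if total else 0.0


if __name__ == "__main__":
    for vector, nbytes in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{vector:42s} {nbytes / 1e9:8.3f} GB")
    print(f"reflection masquerading as web: {masqueraded_fraction(SAMPLE_FLOWS):.1%}")
```

In a real deployment the same classification runs over NetFlow/IPFIX or sFlow exports rather than the constructed lines above; the point of the `web-port-masquerade` tag is that destination port alone would have put most of this traffic in the "web" bucket, and only the protocol field plus the well-known reflector source port exposes it as UDP reflection.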
