How Media Reports Trigger Copycats: An Analysis of the Brewing of the Largest Packet Storm to Date

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

6 Citations (Scopus)


In late February 2018, news spread through the mainstream media about a massive distributed denial-of-service attack on the popular software collaboration website Estimated at a rate of 1.3 Terrabit per second, this massive packet flood was the largest DDoS attack by volume to date, surpassing previous records set by the first IoT-based DDoS attacks in 2017.

In this paper, we analyze the behavior of the actors scanning and probing the Internet for presence of exploitable memcached servers that were the root cause of this attack, both before and after the media coverage. We find that the attacks of late February were preceeded by a large scale reconnaissance action a month before, and that the attacks were the result of an extended evolution of methods to find a suitable attack strategy. Furthermore, we see that the coverage about the massive DDoS attack actually triggered another wave of DDoS attacks, resulting in the large influx of new, previously unseen users who seem to be leveraging ready-made tools.
Original languageEnglish
Title of host publicationWTMC'18
Subtitle of host publicationProceedings of the 2018 Workshop on Traffic Measurements for Cybersecurity
Place of PublicationNew York, NY
PublisherAssociation for Computing Machinery (ACM)
Number of pages6
ISBN (Print)978-1-4503-5910-8
Publication statusPublished - 2018
EventWTMC ’18: Workshop on Traffic Measurements for Cybersecurity - Budapest, Hungary
Duration: 20 Aug 201820 Aug 2018


WorkshopWTMC ’18


  • denial-of-service attacks
  • memcached
  • threat intelligence


Dive into the research topics of 'How Media Reports Trigger Copycats: An Analysis of the Brewing of the Largest Packet Storm to Date'. Together they form a unique fingerprint.

Cite this