The subject bank has had problems for the second day today. So while reading what is circulating on the internet and social media, I noticed the following headline in a caption:
“165 million attacks from 140 countries” Hmm….
Reading the headline someone who doesn't know thinks that security experts have prevented 165 million attacks. Um, the attack was one.
What is DDoS?
DDoS (Distributed Denial of Service) attacks are conducted using a network of internet-connected computers to overwhelm a target server from multiple points, causing it to receive far more traffic than it could handle.
DDoS attacks are often carried out by a botnet, a network of computers under the control of the attacker, that uses computer resources to send "hits" to the target. As many as he can't handle. So the ministry's server went down, and the students waited for security experts to block an attack that brought a total of 165 million clicks to the subject bank in all hours.
"The Topic Bank platform received 165 million hits from 114 countries," the Ministry of Education, together with the Ministry of Digital Governance, said in a statement.
But what does a large DDoS attack mean? What sizes are we talking about?
We will give an example: The Google Cloud service he revealed in August 2022 that it blocked the largest distributed denial-of-service (DDoS) attack on record to date, culminating in at 46 million requests per second (rps).
What does this mean;
The attack targeted a Google Cloud customer using the Google Cloud Armor DDoS protection service.
During the 69 minutes of the attack, the attackers bombarded his client's HTTP/S Load Balancer with HTTPS requests, starting at 10.000 rps, scaling to 100.000 rps, before reaching a maximum of 46 million rps.
Google said at the time that it was the biggest attack ever on Layer 7, referring to the application layer — the top layer — in the Internet's OSI model. "HTTP Pipelining" technique was used to scale the rps. Google said the attack originated from 5.256 IP addresses from 132 countries.
Do the math: 46 million requests per second x 69 attack minutes.
Yes, this is considered a major attack.
So when an entire Greek state does not have the infrastructure to block a medium to small DDoS attack, there is a problem.
Many times we have announced that the country's digital systems are crap, but no one pays attention.
Security gap on the EFKA website
So let's not be hypocrites and let's not blame it on the "hackers" who dropped "ready-made" pages. The same attack can be done by anyone who has 50-100 euros to rent the equipment from a hacking tool rental site from the Dark Web.