Threat Landscape
Camouflage, deception, overload – Layer 7 DDoS attack in the shadow of the NoName057(16) attacks
- Lisa Fröhlich
- June 26, 2025
End of April 2025: While the political debate in Germany is coming to a head over the planned delivery of Taurus cruise missiles to Ukraine, a digital offensive has begun in its shadow. Pro-Russian hacker groups – led by NoName057(16) – are intensifying their attacks on German companies, institutions, and cities. Within a few days, […]
READ MORE
Threat Landscape
DDoS Attack on Municipal Web Infrastructure Successfully Mitigated
- Lisa Fröhlich
- June 12, 2025
Recently, the website of an Israeli city administration experienced a brief but intense Layer 7 DDoS attack. The attack resulted in a flood of approximately 18 million HTTP requests, averaging over one million per minute. The attackers targeted only the root domain of the city’s website, leaving APIs and other endpoints unaffected. Technical Analysis of […]
READ MORE
Threat Landscape
When the secure tunnel breaks: DDoS attacks on VPNs and their consequences
- Irina Dobler
- June 6, 2025
On a seemingly normal morning in the home office, several employees try to log into the company network via VPN as usual. But instead of working productively on projects, they are greeted by an error message: “Connection failed”. The company’s VPN gateway has fallen victim to an organized DDoS attack and remote access is completely […]
READ MORE
Threat Landscape
Botnet with tactics: DNS amplification hits critical backend port
- Lisa Fröhlich
- May 30, 2025
Friday, 10:14 a.m. – A routine day for the IT crew of an international financial company. A steady stream of data is flowing across the monitoring console at just under fifty megabits per second. Two minutes later, the needle jumps to 1.7 gigabits. Another minute passes, then the needle shoots up to 60 gigabits and […]
READ MORE
Threat Landscape
A lesson in carpet bombing and sophisticated resource management
- Lisa Fröhlich
- April 30, 2025
A lesson in carpet bombing and sophisticated resource management Sometimes attacks on the internet appear to be precision strikes Small groups with clear goals, focused on a single victim And sometimes an attack is more like a wildfire: random and unstoppable The attack we investigated this month falls into neither category It was a mixture […]
READ MORE
Threat Landscape
When the Full Arsenal of DDoS Attacks is Used
- Lisa Fröhlich
- March 26, 2025
A recently documented DDoS attack on the Link11 network has revealed a new level of complexity in today’s attacks. In particular, it highlighted the increasing sophistication of cyberattacks and the need to continually adapt defenses. The attack: a complex interplay of DDoS methods The attack was a complex interplay of DDoS methods and what makes […]
READ MORE
Threat Landscape
The emergence of a SuperBot – Are we facing a new era of cyberattacks?
- Jag Bains
- March 11, 2025
In a recent development, massive botnets have emerged, delivering unprecedented Distributed Denial-of-Service (DDoS) attacks, as described in this Ars Technica article. At Link11 we have seen and mitigated several attacks that are leveraging these types of botnets, with differing techniques and vectors but with the common characteristic of having massive capacity and scale. Understanding Botnets […]
READ MORE
Threat Landscape
Web DDoS attack with high packet rate – TCP takes down website
- Lisa Fröhlich
- February 21, 2025
A recent Web DDoS attack registered in the Link11 network clearly shows how high the load on an attacked website can be. The attack was an application layer attack with a high number of packets per second. The cyberattack not only reached a packet rate of 45 million packets per second, but also had an […]
READ MORE
Threat Landscape
Vulnerability in ChatGPT’s crawler: How it can be exploited
- Lisa Fröhlich
- January 24, 2025
A recently discovered vulnerability in ChatGPT’s crawler could be used by attackers to launch Distributed Denial-of-Service (DDoS) attacks against any website. The problem lies in the way the ChatGPT API endpoint processes certain requests and then sends multiple requests in parallel to external websites. The underlying vulnerability has not been acknowledged or fixed by either […]
READ MORE
Threat Landscape
The dark side of digital progress: Why software security remains a perennial issue
- Lisa Fröhlich
- September 10, 2024
Even if we’re not explicitly aware, software and applications have become an essential part of our digital lifeblood. Whether it’s online shopping, work, or communication, almost everything we do depends on software. But behind this digital facade lurk dangers that are often underestimated. The security of our software is a complex issue that goes far […]
READ MORE
Threat Landscape
How artificial intelligence is changing DDoS attacks
- Jag Bains
- December 20, 2023
The DDoS landscape is constantly evolving. Cybercriminals are well aware of the latest technological developments and use them to their advantage. The emergence of Artificial Intelligence (AI) in the cybercrime space is no exception, and it presents completely new challenges to organizations and companies that find themselves in the crosshairs of these attackers. DDoS attacks […]
READ MORE
Threat Landscape
DDoSia: Attack tool with explosive growth
- Fabian Sinner
- November 15, 2023
The term DDoSia was first mentioned in October 2022, when the pro-Russian hacker group, NoName057(16), confirmed the existence of the new DDoS project on the social network Telegram. The project itself is considered the successor to the former Bobik botnet that was successfully combated and disbanded in September 2022. Since then, DDoSia has grown significantly […]
READ MORE